BKDR_SALITY.AE
Overview

Malware type: Backdoor

Aliases: Virus.Win32.Sality.k (Kaspersky), W32/Sality.n.dll (McAfee), W32/Sality.L.1 (Avira), W32/Sality-I (Sophos), Worm:Win32/Sality.G.dll (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This backdoor program is usually dropped by PE_SALITY.AE.

Once registered, this backdoor program inserts itself into all running processes of an affected machine.

This is Trend Micro's detection for a .DLL file that other malware programs use to perform their malicious routines. One of these routines checks for an Internet connection by accessing a valid Microsoft Web site. If there is an Internet connection, this backdoor then attempts to download possibly malicious files from the Internet.

It opens a random port and waits for commands from a remote malicious user, which it executes locally.


Description created: Feb. 27, 2006 5:18:26 AM GMT -0800
