We’ve published a detailed analysis of Sality in a whitepaper titled, “Sality: Story of a Peer-to-Peer Viral Network.”
Sality is a file infector that spreads by infecting executable files and by replicating itself across network shares. Infected hosts join a peer-to-peer network that is used to distribute additional malware to the compromised computers. Typically, those additional programs are used to relay spam, proxy communications, steal private information, infect Web servers, or carry out distributed computing tasks, such as password cracking.
The combination of a file infection mechanism and a fully decentralized peer-to-peer network, along with other anti-security measures, makes Sality one of the most effective and resilient pieces of malware in today’s threat landscape. Estimates show that hundreds of thousands of computers are infected by the virus.
In this comprehensive whitepaper, we introduce readers to the threat and describe the architecture of the malware. The core of the paper focuses on the peer-to-peer characteristics of Sality and examines its strengths and potential limitations. We also look at current trends and metrics.