| Common name: | Sality.AN |
| Technical name: | |
| Alias: | |
| Type: | VIRUS |
| Size: | 91648 Bytes |
DETECTIONS
| Number of detections: | |
| First detected: | December 11, 2008 at 00:00 AM |
| First country where it was detected: | |
| Latest country where it was detected: | |
Brief Description
Sality.AN is a Trojan which infects the files with an EXE, PIF and SCR extension that it finds on the affected computer. Additionally, it downloads several variants of the Sinowal family, which are Trojans designed to steal banking data.
It also considerably reduces the security level of the computer, as it deletes Windows Registry entries belonging to several antivirus programs. This leaves the computer vulnerable to attack by other threats.
Sality.AN uses the following means to spread:
- It infects files with an EXE, PIF and SCR extension, which are then distributed through any of the usual means: floppy disks, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
- It makes copies of itself in all the system and removable drives.
Effects
Sality.AN carries out the following actions:
- It infects files with EXE, PIF and SCR extensions.
- It downloads several variants of the Trojan family called Sinowal, which are designed to steal banking data. Additionally, it can receive instructions remotely, such as sending spam messages.
- It disables the following items:
  - Windows Registry Editor.
  - Task Manager, which prevents the user from viewing the processes that are being run.
- It prevents the computer from being started in Safe Mode.
- It uses the rootkit detected as Rootkit/Sality.AM to make its detection more difficult, as it hides its processes, files and Windows Registry entries.
- It considerably reduces the security level of the computer, as it deletes many Windows Registry entries belonging to several antivirus programs. This prevents them from working properly, leaving the computer vulnerable to other threats.
- It also adds itself to the firewall's list of authorized applications, in order to avoid being blocked.
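A triage check for the tampering effects listed above, as an added example that is not part of the original entry. The entry names no registry keys, so the paths below are the standard Windows locations for these settings (an assumption about where this malware writes), and `Get-TamperFindings` is a hypothetical helper name.

```powershell
# Added example. Registry paths are the standard Windows locations for these
# settings; the entry itself does not say which keys Sality.AN modifies.
function Get-TamperFindings {   # hypothetical helper name
    $findings = @()

    # Policy values that disable Registry Editor and Task Manager (non-zero = disabled).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($value) { $findings += "$name = $value in $key" }
        }
    }

    # Safe Mode loads its driver and service list from these keys;
    # a missing or empty key prevents Safe Mode from starting.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Get-ChildItem -Path $key -ErrorAction SilentlyContinue)) {
            $findings += "SafeBoot\$mode is missing or empty"
        }
    }

    # Legacy Windows Firewall allow-list: each value name is an executable path.
    # Entries pointing at a missing or unsigned file deserve a manual review.
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'StandardProfile', 'DomainProfile') {
        $list = Get-Item -Path "$fw\$fwProfile\AuthorizedApplications\List" -ErrorAction SilentlyContinue
        if (-not $list) { continue }
        foreach ($name in $list.GetValueNames()) {
            if (-not $name) { continue }   # skip the unnamed default value
            $exe = [Environment]::ExpandEnvironmentVariables($name)
            $signed = (Test-Path -LiteralPath $exe) -and
                      ((Get-AuthenticodeSignature -LiteralPath $exe).Status -eq 'Valid')
            if (-not $signed) { $findings += "Firewall allows unsigned or missing file: $exe" }
        }
    }
    return $findings
}

# Print each finding as a warning; no output means none of the checks fired.
Get-TamperFindings | ForEach-Object { Write-Warning $_ }
```

Because the entry states that the accompanying rootkit hides Windows Registry entries, an empty result on a live system does not rule out infection.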