Name of Malware: Sality

Type of Malware: Trojan, info stealer, keylogger, rootkit

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops etc.

Impact: high

What is Sality?

Sality steals data from infected systems and intercepts sensitive communication. It also uses system resources to send spam and perform distributed calculations (e.g. password cracking). 

How did I get infected with Sality?

Sality copies itself to all available removable media and network drives. When the infected media or drives are connected to a new system, the copy is run via an autostart configuration, enabling Sality to spread.

What do I have to do now?

Sality attempts to hide within the infected system. Due to the mechanisms used, Windows must be started up in safe mode on the infected system to remove the malware.

Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.