Discovered: April 20, 2008
Updated: August 10, 2008 11:06:05 AM
Also Known As: TROJ_AGENT.XOO [Trend], W32/Sality.ae [McAfee], Sality.AG [Panda Software], Win32/Sality.Z [Computer Associates], Win32/Sality.AA [Computer Associates], W32/Sality.AA [F-Secure]
Type: Virus
Infection Length: 57,344 bytes
Systems Affected: Windows XP, Windows NT, Windows 2000
W32.Sality.AE is a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
Note: Symantec strongly recommends that customers take specific steps to control the execution of applications referenced in autorun.inf files that may be located on removable and network drives. Threats such as this one frequently attempt to spread to other computers using these avenues. Configuration changes made to a computer can limit the possibility of new threats compromising it. For more information, see the following document:
How to prevent a virus from spreading using the "AutoRun" feature Virus definitions dated April 20, 2008 or earlier detect this threat as
W32.Bacalid!inf.
Protection
-
Initial Rapid Release version April 21, 2008 revision 001
-
Latest Rapid Release version November 20, 2009 revision 004
-
Initial Daily Certified version April 21, 2008 revision 003
-
Latest Daily Certified version November 20, 2009 revision 005
-
Initial Weekly Certified release date April 23, 2008
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
-
Damage Level: Medium
-
Payload: May download potentially malicious files.
Distribution
-
Distribution Level: Low
-
Target of Infection: Infects executable files
Writeup By: Kaoru Hayashi
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
