1. /
  2. Security Response/
  3. W32.Sality.AM


Risk Level 2: Low

April 18, 2009
April 19, 2009 10:49:10 AM
Infection Length:
69,632 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
W32.Sality.AM is a worm that spreads by infecting executable files and copying itself to removable drives.

For more information, please see the following resources:

Antivirus Protection Dates

  • Initial Rapid Release version April 18, 2009 revision 020
  • Latest Rapid Release version February 19, 2013 revision 016
  • Initial Daily Certified version April 18, 2009 revision 022
  • Latest Daily Certified version April 11, 2011 revision 021
  • Initial Weekly Certified release date April 22, 2009
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: High
  • Payload: Downloads additional files onto the computer.
  • Deletes Files: Deletes files with .vdb, .avc and .key in the filename and also files listed under certain registry subkeys.
  • Modifies Files: Infects executable files.
  • Compromises Security Settings: Ends processes and lowers security settings by modifying the registry.


  • Distribution Level: Medium
  • Shared Drives: Attempts to infect files on network resources and copies itself to removable drives.
  • Target of Infection: Infects executable files.
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Piotr Krysiuk and Kaoru Hayashi

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report