Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

WhitePaper: Sality: Story of a Peer to-Peer Viral Network

Created: 07 Oct 2011 • Updated: 07 Oct 2011 | 1 comment
Mithun Sanghavi's picture
+2 2 Votes
Login to vote


W32.Sality is a file infector that spreads by infecting executable files and by replicating itself across network shares. Infected hosts join a peerto-peer network used to propagate malware on the compromised computer. Typically, those additional programs will be used to relay spam, proxy communications, steal private information, infect Web servers or achieve distributed computing tasks, such as password cracking.

The combination of file infection mechanism and the fully decentralized peer-to-peer network, along with other anti-security measures, make Sality one of the most effective and resilient malware in today’s threat landscape. Estimations show that hundreds of thousands of machines are infected by Sality.
This paper will give an overview of Sality and briefly describe the architecture of the malware. The core of this paper focuses on the peer-topeer characteristics of Sality, and examines its strengths and potential limitations. Finally, I will describe current trends and metrics for Sality.

Comments 1 CommentJump to latest comment

patriot3w's picture

great, hope can share more this kind of document.

Login to vote