Botnet

Sality

First seen: 2003 • Status: active

Currently Active Threat

Sality is an ancient computer virus that has survived for over 20 years by hiding in program files and spreading copies of itself.

Overview

Sality is a long-running file infector virus and botnet. Despite its age, it continues to spread through infected executables and network shares.

Also Known As

Sector, Kuku

How It Spreads

  • File infection
  • Network shares
  • USB drives
  • P2P networks

What It Does

  • File infection
  • Botnet operations
  • Payload delivery
  • Antivirus termination

Target Platforms

Windows

Detection Tips

  • Scan executables for Sality infection
  • Monitor for antivirus process termination
  • Check for P2P network activity
  • Review USB device usage

MITRE ATT&CK Techniques

T1091, T1021, T1562, T1105

If You're Infected

  1. Run dedicated Sality removal tools
  2. Restore infected files from clean backups
  3. Disable USB autorun
  4. Block network share propagation

Related Malware

Virut, Ramnit, Conficker
