Malware of this family comprises widespread polymorphic infectious viruses. The Sality virus was first detected in July 2003. Modifications were made later: its decryption algorithms and methods for infecting programs have changed considerably. The body of the virus is located at the end of the last section of the infected program. The first part of the virus is heavily obfuscated (i.e., the code is obscured) and decrypts the other code. Malicious functions of the virus are implemented as separate modules, which can be downloaded from URLs or via peer-to-peer networking.
Geographical distribution of attacks by the Virus.Win32.Sality family
Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware