Detect Date 09/29/2015
Class Virus
Platform Win32

Malware of this family comprises widespread polymorphic infectious viruses. The Sality virus was first detected in July 2003. Modifications were made later: its decryption algorithms and methods for infecting programs have changed considerably. The body of the virus is located at the end of the last section of the infected program. The first part of the virus is heavily obfuscated (i.e., the code is obscured) and decrypts the other code. Malicious functions of the virus are implemented as separate modules, which can be downloaded from URLs or via peer-to-peer networking.

Geographical distribution of attacks by the Virus.Win32.Sality family


Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 India 19.12
2 Vietnam 18.47
3 Algeria 5.68
4 Russia 5.10
5 Egypt 4.20
6 Bangladesh 3.64
7 Indonesia 2.59
8 Turkey 2.14
9 Brazil 2.06
10 Nepal 1.76

* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware