The future meets the past in virus Sality.AO

5th March 2009

PandaLabs recorded an increasing number of infections and new modifications of the virus Sality, which combines infectious technologies of old viruses with newest techniques for obtaining financial profit.
So, in this regard PandaLabs advises users to be prepared for a possible mass attack. Sality.AO can infect files and damage many computers and, at the same time, can be of great use to cyber-criminals. It uses some technologies that can cause Emergency Power Off or Cavity. Emergency power off allows a part of the right file to run before the start of infection, thus, making it harder to detect malicious code. With the help of the cavity the virus code builds into the blank areas of a normal file - with the same purpose.
These technologies are much more complicated than those that can be realized with the use of automated tools for creating malware. Technologies used for Sality.AO imply, that their creators are really skilled and very-well educated in this field. As for new technologies contained in Sality.AO they include, for instance, connections via IRC-channels for receiving remote commands. This way, infected machines can be used to send spam, spread malware, perform DOS-attacks, etc.
As you can judge, the mixture of old and present technologies is very dangerous. Their main threat consists in turning computers into Zombie. We can only imagine what may happen in the event of mass attacks.