Welcome to the Virus Encyclopedia of Panda Security.
It infects executable files (with an EXE, PIF and SCR) and downloads variants of the Trojan family called Sinowal, designed to steal user's banking details. It spreads by distributing the previously infected files and making copies of itself in the system and removable drives.
|First detected on:||Nov. 30, 2008|
|Detection updated on:||Dec. 18, 2008|
|Yes, using TruPrevent Technologies
Sality.AN is a Trojan which infects the files with an EXE, PIF and SCR extension it finds in the affected computer.
Additionally, it downloads several variants of the Sinowal family, which are Trojans designed to steal banking data.
On the other hand, it reduces considerably the security level of the computer, as it deletes Windows Registry entries belonging to several antivirus programs. This would leave the computer vulnerable against the attack of other threats.
Sality.AN uses the following means to spread:
- It infects files with an EXE, PIF and SCR extension, which are then distributed through any of the usual means: floppy disks, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
- It makes copies of itself in all the system and removable drives.
Sality.AN is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.>