Register
•
Search
•
FAQ
•
Memberlist
•
Usergroups
•
Galleries
•
Log in
Jetmen Revival downloads Forum Index
»
Links
Post a reply
Username
Subject
Message body
Emoticons
View more Emoticons
Font colour:
Default
Dark Red
Red
Orange
Brown
Yellow
Green
Olive
Cyan
Blue
Dark Blue
Indigo
Violet
White
Black
Font size:
Tiny
Small
Normal
Large
Huge
Close Tags
Add image to post
Options
HTML is
OFF
BBCode
is
ON
Smilies are
ON
Disable BBCode in this post
Disable Smilies in this post
Confirmation code: *
All times are GMT + 2 Hours
Jump to:
Select a forum
----------------
JETMEN ONLINE
Jetmen Revival
----------------
Jetmen Revival Downloads
Links
Graphics
Music
Other games
Topic review
Topic review
Author
Message
02132Hdef
Posted: Fri 13:53, 06 May 2011
Post subject: W32Sality Anti Virus
.Sality commonly known as Sality Virus is a malware agenda which infects exe and scr files thereby spreading as many times the host is executed. This virus also includes an auto run component, as a result of which,
Puma California Women's
, it spreads to anybody removable media. Moreover this comes with a downloader Trojan component,
Puma L.I.F.T.Racer
, which downloads and installs more malware when interlocked to the network.
This virus first arose in 2003 in Russia. During that time, Sality was a tiny file infector, which used to prefix its viral code to a host and had back door and key recording facilities. Now it has improvised a lot with more additional features, which has made it more disadvantageous and perilous. However, Sality’s signature has remained the same. Get to understand approximately the virus in elaborate, get some technical support.
The Characteristics
Symantech.com has nicely explained the functions of this virus. The payload escapes scampers 5 distinct components in divide threads.
The premier component is a process injector. All processes besides those belonging to the consumers “local service”,
Puma Boot
, “network service”, or “system”, ambition be injected with a copy of Sality to make sure the malware stays running.
The second component is responsible for lowering or disabling the general security of the system. Security-related processes and services are stopped, including numerous antivirus and private firewall products. The registry is modified and SafeBoot key entries are deleted. Components such as registry editing with the Windows regedit.exe tool or Task Manager Creation are maimed. Firewall rules are joined to let Sality way the network.
Sality also dew a nucleus driver to a dynamically generated place in %System%\drivers and creates a service labeled “amsint32”. This driver is a rootkit, in dictate of 2 things. First, it ends processes when a regular call to TerminateProcess() fails. In fact, the rootkit is able to run dynamic code on to a target process. However,
Leading Warwick Podiatrists Eager To Provide Podia
, this code, at present, merely pertains to process termination.
The second feature is more interesting: the driver sets up an IpFilter callback function to process web packets. Ipfltdrv.sys is a criterion Windows driver that can be loaded by starting the IpFilterDriver service. Kernel drivers can set a callback function to be phoned by IpFilter every time an IP pouch works in or out. The callback can determine to drop the parcel. In a few words, IpFilter is a very linear access to build a uncomplicated Windows firewall. Sality uses the IpFilter to drip every IP packet embodying words that belong to an encrypted list of strings that make up security vendor’s URLs. The user-mode process can also instruct the driver to drip SMTP packets, blocking orthodox email interchange.
The third component is the infector itself. Sality is capable to infect files on regional drives for well as Windows shares. It also infects files referenced in the HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache registry opener, which references the most often-used executables on the system, as well as .exe files situated in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Note here that, the infection customary is effective ample to retard that a document is no defended at the Windows document conservation machinery (SFC) ahead attempting to infect it.
Let’s push above apt the fourth component: the downloader. Downloading and executing additional malware alternatively security hazards is the chief target of Sality. A compromised host carries with it a menu of HTTP URLs namely point to resources to be downloaded, decrypted, and executed. These URLs can also point to extra URLs. The encryption secondhand here is RC4,
Toyota Fact Finder
, with static keys embedded in the compromised host. Now the question is, how are the URLs updated in circumstance some of them obtain blocked, or more simply, whether the malware gang decides to make Sality download other components?
The question is given by the fifth and ultimate compon
fora.pl
- załóż własne forum dyskusyjne za darmo
Powered by
phpBB
© 2001, 2005 phpBB Group
Design by
Freestyle XL
/
Music Lyrics
.
Regulamin