Wednesday, April 2, 2014

Win32/Sality newest component: a router’s primary DNS changer named Win32/RBrute

Win32/Sality is a family of malware that has been using a peer-to-peer botnet since at least 2003. It is a file infector and a trojan downloader, the latter of which is mainly used to send spam, although it has been used for different purposes such as faking advertising network traffic, distributed denial of service or VoIP account cracking. All commands and files exchanged through Sality’s P2P network are digitally signed, making it resilient to protocol manipulation. Its modular architecture as well as the longevity of the botnet shows good programming practice and an efficient software design.


