New Virus on the Prowl - Sality.AO

by CXOtoday Staff    Feb 19, 2009

Sality.AO uses some techniques that haven’t been seen for years, such as EPO and Cavity, according to a recent report released by Panda Security’s lab.

EPO allows part of a legitimate file to be run before infection starts, making it difficult to detect the malware. Cavity involves inserting the virus code in blank spaces within the legitimate file’s code, making infected files more difficult both to locate and to disinfect.
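As a defender-side illustration of the cavity technique described above (an added example, not taken from the Panda report), the following check counts non-zero bytes in the padding between each PE section's `VirtualSize` and `SizeOfRawData`. It assumes the usual linker behaviour of zero-filling that padding, so it is one heuristic signal rather than a verdict; the function names and the sample file are constructed for this example.

```python
import struct

def section_slack_report(data):
    """Map each PE section name to the count of non-zero bytes in its
    file-alignment padding (raw bytes past VirtualSize)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20) # SizeOfOptionalHeader
    table = pe + 24 + opt_size                          # first section header
    report = {}
    for i in range(nsec):
        off = table + 40 * i                            # headers are 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, _va, rsize, rptr = struct.unpack_from("<4I", data, off + 8)
        slack = data[rptr + vsize:rptr + rsize] if vsize < rsize else b""
        report[name] = sum(1 for b in slack if b)
    return report

def build_sample(slack_fill=b""):
    """Constructed PE-shaped buffer (parseable, not loadable): one .text
    section with 0x40 bytes in use out of 0x200 raw bytes on disk."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = b".text\0\0\0" + struct.pack(
        "<6IHHI", 0x40, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sec).ljust(0x200, b"\0")
    body = b"\xC3" * 0x40 + slack_fill.ljust(0x1C0, b"\0")
    return headers + body

if __name__ == "__main__":
    print("clean sample:   ", section_slack_report(build_sample()))
    # Constructed filler bytes standing in for data written into the cavity.
    print("modified sample:", section_slack_report(build_sample(b"\xAA" * 32)))
```

A non-zero count is a reason to compare the file against a known-good copy or its signed hash, since packers and some build tools also leave data in this region.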

The virus is not restricted to infecting files; it can also propagate across the Internet, directing the browser to a malicious page without the user’s knowledge, according to the report.

"As we forecast in our annual report, the distribution of classic malicious code such as viruses will be a major trend in 2009," said Luis Corrons, technical director of PandaLabs.
