Traditional with a twist: malware goes retro with the spread of the Sality.AO virus
Panda Security has noted an increase in the number of infections caused by Sality.AO, a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to achieve notoriety for creators) with the objectives of new malware, i.e. generating financial returns for cyber-criminals. The global security vendor is therefore advising users to be on their guard against a potentially massive attack.
"Sality.AO uses some techniques which haven't been seen for years, such as EPO or Cavity," says Jeremy Matthews, the head of Panda Security's sub-Saharan operations.
These techniques relate to the way in which the original file is modified in order to infect it, making it more difficult to detect these changes and to disinfect it. EPO allows part of a legitimate file to be run before infection starts, making it difficult to detect the malware, while Cavity involves inserting the virus code in blank spaces within the legitimate file's code, making it both more difficult to locate and to disinfect infected files.
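A defender's check for the Cavity technique described above, as an added example that is not from Panda Security or the original article: it parses a PE section table and counts non-zero bytes in each section's file slack (the padding between VirtualSize and SizeOfRawData), one kind of blank space that should normally be empty. The functions `section_slack` and `build_sample` and the sample image are constructed for illustration; EPO is not covered here.

```python
import struct

def section_slack(pe: bytes) -> dict:
    """Return {section name: count of non-zero bytes in its file slack}."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, nt + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20) # SizeOfOptionalHeader
    table = nt + 24 + opt_size                          # first section header
    report = {}
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        # Slack exists only when the raw data is larger than the used size.
        slack = pe[rptr + vsize:rptr + rsize] if vsize < rsize else b""
        label = name.rstrip(b"\0").decode("ascii", "replace")
        report[label] = sum(1 for b in slack if b)
    return report

def build_sample(cave_bytes: bytes = b"") -> bytes:
    """Constructed, non-loadable image: one .text section, 0x40 of 0x200 used."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000,
                      0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + sec).ljust(0x200, b"\0")
    body = (b"\x90" * 0x40 + cave_bytes).ljust(0x200, b"\0")
    return headers + body

if __name__ == "__main__":
    print("clean   :", section_slack(build_sample()))
    print("modified:", section_slack(build_sample(b"\xCC" * 16)))
```

Non-zero slack is a heuristic rather than proof of infection, since some build tools and packers also leave data in padding; comparing the result against a known-good copy of the same file is more reliable.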