ThreatExpert's Statistics for Mal/Sality-B [Sophos]:

Mal/Sality-B [Sophos] is also known as:

Threat Alias	Number of Incidents
Virus:Win32/Sality.AM [Microsoft]	523
W32/Sality.gen [McAfee]	521
Virus.Win32.Sality.aa [Kaspersky Lab]	507
W32.Sality.AE [Symantec]	468
PE_SALITY.BU [Trend Micro]	367
Win32/Kashu.B [AhnLab]	335
Virus.Win32.Sality [Ikarus]	259
Virus.W32.Sality [Ikarus]	87
PE_SALITY.BU-O [Trend Micro]	80
PE_SALITY.BU-1 [Trend Micro]	32
Malware.Sality [PC Tools]	25
Trojan.Win32.Crypt [Ikarus]	20
W32.SillyFDC [Symantec]	12
PE_SALITY.JER [Trend Micro]	10
IM-Worm.Win32.VB [Ikarus]	8
W32.Imaut.AS [Symantec]	7
Worm:Win32/Sohanad.I [Microsoft]	7
Backdoor.Trojan [Symantec]	6
IM-Worm.Win32.Sohanad [Ikarus]	6
Trojan Horse [Symantec]	6
BackDoor-CEP.svr [McAfee]	5
Trojan.Autoit [Ikarus]	5
Trojan.Win32.Autoit.ci [Kaspersky Lab]	5
Virus.Win32.Bifrose [Ikarus]	5
Backdoor.Bifrose.AHY [PC Tools]	4
Trojan.Win32.KillAV.ayh [Kaspersky Lab]	4
W32.Imaut [Symantec]	4
W32.Imaut.A [Symantec]	4
Worm.Sohanad.U [PC Tools]	4
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	3
BackDoor-EEF [McAfee]	3
P2P-Worm.Win32.Malas.g [Ikarus]	3
P2P-Worm.Win32.Malas.r [Kaspersky Lab]	3
Trojan.Midgare.hhn [PC Tools]	3
Trojan.Win32.Agent.bcn [Kaspersky Lab]	3
Trojan.Win32.VB [Ikarus]	3
Trojan-Dropper.Win32.Flystud.B [Ikarus]	3
Trojan-Spy.Ardamax.J [Ikarus]	3
TrojanSpy.Ardamax.WQ [PC Tools]	3
W32.Imaut.N [Symantec]	3
W32.Linkfars [Symantec]	3
Worm.Win32.AutoRun [Ikarus]	3
Backdoor.Bifrose [Symantec]	2
Email-Worm.Win32.Brontok.ab [Ikarus]	2
Gen.Win32 [Ikarus]	2
JS.Chir.B [PC Tools]	2
New Malware.cn [McAfee]	2
New Malware.fa [McAfee]	2
Packed.Win32.Krap.b [Kaspersky Lab]	2
Trojan.Win32.Agent.cru [Kaspersky Lab]	2
VirTool.Win32.VBInject [Ikarus]	2
Virus.Win32.Hakaglan [Ikarus]	2
W32.Blastclan.B [Symantec]	2
W32.Gammima.AG [Symantec]	2
W32.Imaut.AA [Symantec]	2
W32.Rontokbro.AN@mm [Symantec]	2
W32/Sality.ao [McAfee]	2
Worm.AutoIt.dn [PC Tools]	2
Worm.AutoRun.ADQ [PC Tools]	2
Worm.VB.ZUI [PC Tools]	2
Worm.Win32.VB.mz [Ikarus]	2
Worm:AutoIt/Sohanad.AQ [Microsoft]	2
Backdoor.Bifrost [Ikarus]	1
Backdoor.Trojan [PC Tools]	1
Backdoor.Win32.Bifrose [Ikarus]	1
Backdoor.Win32.Bifrose.fmv [Kaspersky Lab]	1
Backdoor:Win32/Bifrose [Microsoft]	1
Backdoor:Win32/Bifrose.FH [Microsoft]	1
Backdoor:Win32/Bifrose.gen!C [Microsoft]	1
BackDoor-CEP!hv.a [McAfee]	1
BehavesLike.Win32.Malware [Ikarus]	1
BKDR_AHZE.SMM [Trend Micro]	1
Email-Worm.Win32.Rays [Ikarus]	1
Email-Worm.Win32.Rays.d [Kaspersky Lab]	1
Email-Worm.Win32.Runouce.B [Ikarus]	1
Generic Downloader.aj [McAfee]	1
Generic Dropper.bw [McAfee]	1
Generic PWS.ak [McAfee]	1
IM-Worm.Win32.Sohanad.ao [Kaspersky Lab]	1
IM-Worm.Win32.Sohanad.gu [Kaspersky Lab]	1
New Malware.bx [McAfee]	1
not-a-virus:AdWare.Win32.MyWebSearch [Ikarus]	1
P2P-Worm.Win32.Palevo [Ikarus]	1
P2P-Worm.Win32.Palevo.ddm [Kaspersky Lab]	1
PE_SALITY.DAM [Trend Micro]	1
PWS-Gamania.gen.a [McAfee]	1
PWS-Gamania.gen.o [McAfee]	1
Trojan.Generic [Ikarus]	1
Trojan.Inject.ldi [PC Tools]	1
Trojan.VB.ilm [PC Tools]	1
Trojan.Vundo [Ikarus]	1
Trojan.Win32.Autoit.ao [Ikarus]	1
Trojan.Win32.Autoit.xp [Kaspersky Lab]	1
Trojan.Win32.Inject [Ikarus]	1
Trojan.Win32.Obfuscated [Ikarus]	1
Trojan.Win32.Pakes.cob [Kaspersky Lab]	1
Trojan.Win32.VB.ilm [Kaspersky Lab]	1
Trojan.Win32.VB.jqm [Kaspersky Lab]	1
Trojan:Win32/Midgare.A [Microsoft]	1
Trojan-Downloader.Win32.AutoIt [Ikarus]	1

Mal/Sality-B [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Taiwan	31
	United Kingdom	30
	Russian Federation	19
	China	17
	Spain	14
	Germany	10
	Turkey	8
	Republic of Korea	5
	Sweden	5
	France	4
	Israel	4
	Japan	4
	Saudi Arabia	4
	Australia	3
	Iran	3
	Brazil	2
	Poland	2
	Belgium	1
	Canada	1
	Croatia	1
	Czech Republic	1
	Italy	1
	Netherlands	1
	Thailand	1
	United Arab Emirates	1
	Viet Nam	1

Mal/Sality-B [Sophos] is known to be created as:

%AllUsersProfile%\smss.exe

%AppData%\foxitreader_setup.exe

%AppData%\spool.exe

%AppData%\usrinit.exe

%CommonAppData%\microsoft\user account pictures\my_heart.exe

%CommonDocuments%\my music\my_heart.exe

%CommonDocuments%\my music\sample music\my_heart.exe

%CommonDocuments%\my pictures\my_heart.exe

%CommonDocuments%\my pictures\sample pictures\my_heart.exe

%CommonDocuments%\my videos\my_heart.exe

%CommonDocuments%\my_heart.exe

%CommonPrograms%\startup\lsass.exe

%CommonPrograms%\startup\my_heart.exe

%CommonPrograms%\startup\svchots.exe

%FontsDir%\fonts.exe

%FontsDir%\tskmgr.exe

%LocalSettings%\startup.exe

%Profiles%\default user\my documents\my_heart.exe

%Profiles%\default user\nethood\my_heart.exe

%Profiles%\default user\start menu\programs\startup\my_heart.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\common files\adobeupdate.exe

%ProgramFiles%\xpcode\sexgame.exe

%ProgramFiles%\xpcode\sexscreensaver.scr

%Programs%\startup\svchots.exe

%System%\%computername%\my_heart.exe

%System%\1126\ctfmon.exe

%System%\amvo.exe

%System%\avpo.exe

%System%\bifrost\server.exe

%System%\blastclnnn.exe

%System%\bycool1\log.exe

%System%\bycool1\windo.exe

%System%\dllcache\default.exe

%System%\dllcache\global.exe

%System%\dllcache\regedit32.com

%System%\dllcache\shell32.com

%System%\dllcache\svchost.exe

%System%\dllchache.exe

%System%\drivers\ctfmon.exe

%System%\drivers\drivers.cab.exe

%System%\dxgdialog.exe

%System%\gphone.exe

%System%\kabo0o-serever.exe

%System%\kamsoft.exe

%System%\logoneui.exe

%System%\lsas.exe

%System%\m5vbvm60.exe

%System%\msmsgs.exe

%System%\my_heart.exe

%System%\olhrwef.exe

%System%\reader_s.exe

%System%\regedit.exe

%System%\regsvr.exe

%System%\rund1132.exe

%System%\runouce.exe

%System%\rvhost.exe

%System%\save.exe

%System%\scvhost.exe

%System%\scvshosts.exe

%System%\scvvhsot.exe

%System%\sscvihost.exe

%System%\sscviihost.exe

%System%\ssvichosst.exe

%System%\svchots.exe

%System%\twex.exe

%System%\win2x.exe

%System%\winhelp.exe

%System%\winsec.exe

%System%\winsit.exe

%System%\xp-c300c3ac.exe

%Temp%\0003fef3_rar\xp-c300c3ac.exe

%Temp%\0004c6b7_rar\xp-c300c3ac.exe

%Temp%\0004c782_rar\xp-c300c3ac.exe

%Temp%\00050bbf_rar\rvhost.exe

%Temp%\00050f59_rar\scvvhsot.exe

%Temp%\000545ab_rar\rvhost.exe

%Temp%\000548b8_rar\scvvhsot.exe

%Temp%\000549d2_rar\blastclnnn.exe

%Temp%\000556c2_rar\scvvhsot.exe

%Temp%\000556e1_rar\rvhost.exe

%Temp%\00055710_rar\sscvihost.exe

%Temp%\000557ad_rar\scvvhsot.exe

%Temp%\000559fe_rar\xp-c300c3ac.exe

%Temp%\00055ae9_rar\scvhost.exe

%Temp%\00055f6d_rar\msmsgs.exe

%Temp%\00058bec_rar\msmsgs.exe

%Temp%\00058f28_rar\rvhost.exe

%Temp%\00058fc4_rar\scvvhsot.exe

%Temp%\00058ff3_rar\sscvihost.exe

%Temp%\000590ed_rar\scvvhsot.exe

%Temp%\000590fc_rar\blastclnnn.exe

%Temp%\0005916a_rar\slave.exe

%Temp%\000591f6_rar\xp-c300c3ac.exe

%Temp%\00059206_rar\slave.exe

%Temp%\00059225_rar\blastclnnn.exe

%Temp%\00059300_rar\blastclnnn.exe

%Temp%\000593ea_rar\scvhost.exe

%Temp%\000594c5_rar\blastclnnn.exe

%Temp%\0005a4e2_rar\smss.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%ComputerName% is a variable that refers to the current computer name.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).