Channel: BOT24

Sality rootkit analysis

Sality is a well-known family of file infectors (also called PE infectors, or simply viruses). As malware, it has a long history of evolution, dating back to 2003. Its latest versions carry a rootkit to complicate detection by AV scanners.
The driver has the following features:
  • Process termination via NtTerminateProcess;
  • Blocking access to some AV web resources via IP filtering;
  • Small size, ~5 KB.

According to the analysis, the rootkit targets Windows versions from NT4 through Vista. It should be said in advance that this rootkit is not new and does not contain some of the features found in modern rootkits or bootkits.

Read more: http://artemonsecurity.blogspot.fr/2013/01/sality-rootkit-analysis.html
