Spamta Virus Warning Issued

PandaLabs has issued warnings about the rapid propagation of two new members of the Spamta family:

• The Spamta.VK worm worm downloads several malicious files once it is run and connects to several servers to send itself out by e-mail.
• The Spamtaload.DT Trojan has an icon similar to that of text files. When run, it shows an error message and creates a key in the Registry Windows to ensure it is run every time the system is started up.

Both spread together and have accounted for up to 80 percent of malware detections reported to PandaLabs per hour. The Spamta family has been extremely active over the last few months.

When Spamta.VK infects a computer, it connects to several servers to send out massive amounts of emails. These emails include a copy of Spamtaload.DT, generally hidden in an executable file. Spamtaload.DT, in turn, downloads a copy of Spamta.VK to each computer it infects, starting the infection cycle all over again.

"This is a clear example of a combined attack. The worm’s propagation features are used to distribute the Trojan, which, in turn, ensures proliferation by infecting each computer with a new copy of the worm. This technique explains the large number of infections reported to PandaLabs", says Luis Corrons, Technical Director of PandaLabs. "The attacks of Spamta codes usually involve the appearance of several variants in a short period of time. This aims at having security companies and users concentrate on one or a few variants, whereas the rest go completely unnoticed and continue to infect. Users should be on their guard against the possibility of new malicious codes appearing. It is also advisable to have proactive technologies, like TruPrevent, which detect known and unknown malicious codes."

Posted by Jon Erickson at 12:51 PM  Permalink