The Spamta.CY worm poses as a tool to disinfect computers

PandaLabs has detected the mass-mailing of spam messages carrying files infected with the Spamta.CY worm. Through its worldwide network sensors based on the TruPreventTM Technologies distributed across the computers of millions of users who have them installed, PandaLabs has detected various incidents caused by this new worm on users’ computers.

Spamta.CY reaches computers in an email message with a variable subject, as it is selected at random from a list of options. The message body contains a text warning users that email messages are being sent from their computers because it is infected with a malicious code. The original text of this message is the following:

————————————
Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.

After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses

Please install updates for worm elimination and your computer restoring.

Best regards,

Customers support service
————————————

However, sometimes this field can be blank.

This email includes a file with a name randomly chosen, as doc.dat.exe, body.zip or test.elm.exe, which actually contains Spamta.CY. If this file is run, the worm opens Windows Notepad and displays a series of nonsensical characters. At the same time, it looks for addresses stored on the system to which it sends itself using its own SMTP engine.