PandaLabs continues to detect new variants of the Spamta email worms. In fact, 67 new variants of this worm have been identified in the last 7 days, bringing the total number of Spamta variants in circulation to almost one hundred. The latest variant detected so far is Spamta.GO.
All the Spamta variants in circulation are very similar, with the only differences being the email messages they use as a bait, the size or compression format of the files that contain the worms, or the files that they copy to computers. The messages that they display when run can also vary. The CY variant, for example, opens Notepad, which shows a series of garbled characters, whereas the FQ variant opens a dialog box saying that a program update has been successfully installed.
The strategy of the worms’ creator is very clear: to put as many variants of this worm as possible in circulation in order to increase the probability of a computer being infected by one of them. What remains unclear, however, is the purpose behind these actions, as these malicious codes seem to be the typical email worms intended to send themselves out to as many addresses as possible: “Actually these new variants do not fit the new malware dynamic, whose purpose is for creators of threats to make easy money. Rather, we think these are tests aimed at finding a malicious code that can quickly propagate to as many computers as possible. Once this is achieved, it is very probable that the creator will try to include some new features that allow them to carry out much more harmful actions”, explains Luis Corrons, director of PandaLabs.