A new SpamtaLoad worm is starting to spread rapidly

PandaLabs has detected a huge number of emails containing the SpamtaLoad.DO Trojan. In fact, the Trojan was present in up to 40 percent of the infected messages received by PandaLabs every hour.

Panda Software’s TruPrevent Technologies have detected SpamtaLoad.DO without the need for prior updates.  Those users with these technologies installed on their computers have been protected at all times.

The Trojan reaches systems in email messages with variable subjects and text bodies. Some of them are as follows:

Subject: “Error”, “Good day”, “hello” or “Mail Delivery System”.

Text body: 
1. Mail transaction failed. Partial message is available.
2. The message contains Unicode characters and has been sent
as a binary attachment.

The Trojan is contained in an executable attachment to the message with a variable name. 

If the user runs the file, SpamtaLoad.DO displays a false error message or opens the notepad and displays a text. This file downloads the Spamta.TQ worm to the system. This worm is designed to resend SpamtaLoad.DO to all of the email addresses that it finds on the target computer.