Combined attack caused by the Spamta.VK worm and the Spamtaload.DT trojan

PandaLabs has issued warnings about the rapid propagation of two new members of the Spamta family: the Spamta.VK worm and the Spamtaload.DT Trojan. Both spread together and have accounted for up to 80 percent of malware detections reported to PandaLabs per hour. The Spamta family has been extremely active over the last few months.

When Spamta.VK infects a computer, it connects to several servers to send out massive amounts of emails. These emails include a copy of Spamtaload.DT, generally hidden in an executable file. Spamtaload.DT, in turn, downloads a copy of Spamta.VK to each computer it infects, starting the infection cycle all over again.

“This is a clear example of a combined attack. The worm’s propagation features are used to distribute the Trojan, which, in turn, ensures proliferation by infecting each computer with a new copy of the worm. This technique explains the large number of infections reported to PandaLabs”, says Luis Corrons, Technical Director of PandaLabs.