PandaLabs warns of a new combined Spamta attack

A new combined attack is being widely distributed, according to PandaLabs. This attack has accounted for up to 88% of the reports of malware in circulation received per hour by PandaLabs.

The modus operandi of the attack is as follows: cyber-crooks send out massive amounts of emails containing the SpamtaLoad.DW Trojan. When it is installed on a computer, this Trojan downloads the Spamta.WF worm which, in turn, is designed to send an email with the Trojan to all addresses it finds on the computer. And so the cycle goes on.

“This is the second case of a combined attack that we have recorded in the last two weeks. The creators of these malicious codes are seemingly collecting vast quantities of email addresses which can then be used, for example, for sending spam,” explains Luis Corrons, technical director of PandaLabs.

TruPrevent Technologies have detected and blocked this worm without the need to have previously identified it. Those users that have them installed on their computers have been protected at all times.

The subject and the content of the emails with SpamtaLoad.DW are variable. Examples of subjects include: Error, Good day, hello, etc. The file that contains the malware has names such as body, data or doc and a range of extensions (.msg, .txt,-¦).

SpamtaLoad.DW is installed on computers with a text file icon, although it is really an executable file. When a user opens it to see its content they are really executing the file and infecting their computer. To divert the user’s attention, the Trojan displays an error message.

Once installed, SpamtaLoad.DW then downloads Spamta.WF which then resends SpamtaLoad.DW to the email addresses it finds on the computer.

Source: