PandaLabs Detects a Combined Attack Caused by the Spamta.VK Worm and the Spamtaload.DT Trojan
PandaLabs has issued warnings about the rapid propagation of two new members of the Spamta family: the Spamta.VK worm and the Spamtaload.DT Trojan. Both spread together and have accounted for up to 80 percent of malware detections reported to PandaLabs per hour. The Spamta family has been extremely active over the last few months.
When Spamta.VK infects a computer, it connects to several servers to send out massive amounts of emails. These emails include a copy of Spamtaload.DT, generally hidden in an executable file. Spamta.VK to each computer it infects, starting the infection cycle all over again.
"This is a clear example of a combined attack. The worm's propagation features are used to distribute the Trojan, which, in turn, ensures proliferation by infecting each computer with a new copy of the worm. This technique explains the large number of infections reported to PandaLabs", says Luis Corrons, Technical Director of PandaLabs.
The proactive TruPrevent Technologies have detected these malicious codes with no need for prior identification or updates. Users that have them installed have therefore been protected at all times.
The Spamtaload.DT Trojan has an icon similar to that of text files. When run, it shows an error message and creates a key in the Registry Windows to ensure it is run every time the system is started up.
The Spamta.VK worm downloads several malicious files once it is run and connects to several servers to send itself out by email.
"The attacks of Spamta codes usually involve the appearance of several variants in a short period of time. This aims at having security companies and users concentrate on one or a few variants, whereas the rest go completely unnoticed and continue to infect. Users should be on their guard against the possibility of new malicious codes appearing. It is also advisable to have proactive technologies, like TruPreventTM, which detect known and unknown malicious codes", says Luis Corrons.
write your comments about the article :: © 2007 Computing News :: home page