New Wave of the Spamta Worm Hits the Internet

PandaLabs, Panda Software's anti-malware laboratory, has recently detected a rapid increase in the number of incidents caused by a new variant of the Spamta worm. In one 12-hour period, incidents involving this malicious code multiplied rapidly.

These waves of malicious code are basically aimed at creating a critical situation that requires security companies to focus their efforts on countering these particular threats. In the meantime, the creators of this malware launch other, more surreptitious, threats that could actually be more dangerous.

This behavior coincides with the new malware dynamic, which has been monitored for some time now by Panda Software, and this case in particular is typical of one of the classic strategies: distraction. While users believe they are protected against the latest malicious code, such as Spamta, other more selective programs, like the Briz Trojan, can target selected computers. The payload of Briz is more dangerous than that of Spamta, as it is designed to steal passwords for the web pages of certain online banks, and, as it has been custom-made, it could slip past antivirus detection systems unnoticed.

Panda Software, thanks to its TruPrevent Technologies, has been able to protect its clients from the moment this code first appeared, detecting it by analyzing its behavior rather than by comparing it against a list of previously identified threats. When a certain application appears to act in a dangerous way, it is prevented from running and sent to PandaLabs for in-depth analysis.

Spamta.NB, the version detected in this latest wave, spreads across computers via email. It is based on an earlier worm, SpamtaLoad.BL, which also spread via email in a message with a variable subject field: Error, Good day, hello, etc. Versions with subjects such as "Mail Delivery System", "Mail server report" or "Mail Transaction Failed" pose the greatest threat, as users are more likely to think that they are warnings of undelivered messages and therefore open the mail to see what has happened.

The message texts are also variable, and frequently refer to problems with mail management systems. The messages also include an attachment with a false extension. The real extension of this executable that contains the malicious code could be CMD, DAT, EXE, PIF or SCR.
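A mail-gateway triage check for the message traits described above, as an added example that is not from PandaLabs or the original article. The subject and extension lists come from the article; the decoy-extension list, the function names and the quarantine policy are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects and real extensions exactly as listed in the article.
BOUNCE_SUBJECTS = {"mail delivery system", "mail server report", "mail transaction failed"}
GENERIC_SUBJECTS = {"error", "good day", "hello"}
EXECUTABLE_EXTS = {"cmd", "dat", "exe", "pif", "scr"}
# Assumption (not from the article): extensions a decoy name might imitate.
DECOY_EXTS = {"txt", "doc", "htm", "html", "log", "msg"}

def triage(raw_bytes):
    """Return (tag, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in BOUNCE_SUBJECTS:
        findings.append(("bounce_subject", subject))
    elif subject in GENERIC_SUBJECTS:
        findings.append(("generic_subject", subject))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = [p.strip() for p in name.split(".") if p.strip()]
        if len(pieces) < 2 or pieces[-1] not in EXECUTABLE_EXTS:
            continue
        findings.append(("executable_attachment", name))
        # A decoy extension in front of the real one is the "false extension" case.
        if len(pieces) >= 3 and pieces[-2] in DECOY_EXTS:
            findings.append(("decoy_extension", name))
    return findings

def should_quarantine(raw_bytes):
    """Hypothetical policy: hold any mail carrying a listed executable type."""
    return any(tag == "executable_attachment" for tag, _ in triage(raw_bytes))

def build_sample(subject, filename):
    """Construct a harmless test message (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("The message could not be delivered.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Mail Transaction Failed", "document.txt.pif"),
                        ("Quarterly figures", "figures.pdf")]:
        print(subj, "->", triage(build_sample(subj, fname)))
```

Because DAT is on the list, this check also matches the winmail.dat attachments produced by Outlook's TNEF encoding, so a gateway using it needs an allowance for that name. Subject matches alone do not trigger quarantine here, since genuine delivery reports use the same wording.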



© 2006 Computing News