Spamta worm spreads like wild fire

Over 200 major incidents have been detected by PandaLabs in a two-hour span due to the mass-mailing of spam messages carrying files infected with the Spamta worm.

Spamta.CY reaches computers in an e-mail message with a variable subject, selected at random from a list of options. The message body contains a text warning users that e-mail messages are being sent from their computers because it is infected with a malicious code.

This e-mail includes a file with a name randomly chosen, as doc.dat.exe, or test.elm.exe, which actually contains Spamta.CY. If this file is run, the worm opens Windows Notepad and displays a series of nonsensical characters. At the same time, it looks for addresses stored on the system to which it sends itself using its own SMTP engine.

“Social engineering is causing problems once again. It is not the first time a malicious code has spread by posing as a security application, but even so, many users still click on malicious files that use this kind of bait. This demonstrates, once again, the need to put security in the hands of technological solutions that objectively determine the nature of the content of a file and not to rely on instinct,” explains Jeremy Matthews, MD of Panda Software SA.

PandaLabs also reports that it has detected the appearance of 12 new variants of the Spamta worm over the last 24 hours. Evidence suggests that the author of these worms is using the strategy of releasing as many variants as possible in order to increase the probability of a computer being infected by one.

Ads Matthews: “It is a strategy that started to become popular at the beginning of 2005, with families of worms like Bropia. What cyber-criminals are actually trying to do is take advantage of the limitations of traditional anti-virus products that can only detect previously identified malicious codes, and which, therefore, need to be updated regularly. As a result, a vulnerability window opens between the two updates, during which time a new malicious code can easily infect a computer.”

The original text of this message is the following:

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.

After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses.

Please install updates for worm elimination and your computer restoring.

Best regards,

Customers support service

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now