Over 200 major incidents have been detected by PandaLabs in a two-hour span due to the mass-mailing of spam messages carrying files infected with the Spamta worm.
Spamta.CY reaches computers in an e-mail message with a variable subject, selected at random from a list of options. The message body contains a text warning users that e-mail messages are being sent from their computers because it is infected with a malicious code.
This e-mail includes a file with a name randomly chosen, as doc.dat.exe, body.zip or test.elm.exe, which actually contains Spamta.CY. If this file is run, the worm opens Windows Notepad and displays a series of nonsensical characters. At the same time, it looks for addresses stored on the system to which it sends itself using its own SMTP engine.
“Social engineering is causing problems once again. It is not the first time a malicious code has spread by posing as a security application, but even so, many users still click on malicious files that use this kind of bait. This demonstrates, once again, the need to put security in the hands of technological solutions that objectively determine the nature of the content of a file and not to rely on instinct,” explains Jeremy Matthews, MD of Panda Software SA.
PandaLabs also reports that it has detected the appearance of 12 new variants of the Spamta worm over the last 24 hours. Evidence suggests that the author of these worms is using the strategy of releasing as many variants as possible in order to increase the probability of a computer being infected by one.
Ads Matthews: “It is a strategy that started to become popular at the beginning of 2005, with families of worms like Bropia. What cyber-criminals are actually trying to do is take advantage of the limitations of traditional anti-virus products that can only detect previously identified malicious codes, and which, therefore, need to be updated regularly. As a result, a vulnerability window opens between the two updates, during which time a new malicious code can easily infect a computer.”
The original text of this message is the following:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses.
Please install updates for worm elimination and your computer restoring.
Customers support service.
-Computing SA staff, Computing South Africa
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.