Un nuevo troyano SpamtaLoad comienza a propagarse rápidamente, informa PandaLabs

En las últimas horas, PandaLabs ha detectado una gran cantidad de mensajes de correo electrónico que contenían al troyano SpamtaLoad.DO

Las Tecnologías TruPrevent^TM han detectado y bloqueado este troyano sin conocerlo con anterioridad

La familia Spamta ha protagonizado ya varias epidemias en los últimos meses. Suelen lanzarse para distraer a las empresas de seguridad e infectar a los usuarios con ejemplares más dañinos

PandaLabs has detected a huge number of emails containing the SpamtaLoad.DO Trojan. In fact, the Trojan was present in up to 40 percent of the infected messages received by PandaLabs every hour.

Panda Software’s TruPrevent™ Technologies have detected SpamtaLoad.DO without the need for prior updates.   Those users with these technologies installed on their computers have been protected at all times.

The Trojan reaches systems in email messages with variable subjects and text bodies. Some of them are as follows:

Subject: “Error”, “Good day”, “hello” or “Mail Delivery System”.

Text body: 

1. Mail transaction failed. Partial message is available.
2.   The message contains Unicode characters and has been sent
   as a binary attachment.

The Trojan is contained in an executable attachment to the message with a variable name. 

If the user runs the file, SpamtaLoad.DO displays a false error message or opens the notepad and displays a text. This file downloads the Spamta.TQ worm to the system. This worm is designed to resend SpamtaLoad.DO to all of the email addresses that it finds on the target computer.

“This type of malicious code is not usually the end in itself. In most cases, they are used as a red herring to distract security companies. While they concentrate efforts on removing them, cyber-crooks take the opportunity to launch other malicious code silently.  These other specimens are usually far more dangerous.” explains Luis Corrons, Technical Director of PandaLabs.               

The members of the Spamta family of worms and Trojans have been very active over the last few years. PandaLabs has detected several waves of attacks caused by this family of malicious code, the latest at the end of November 2006.

“During these waves many variants of the same family are put in circulation in a very short time. Users should act with caution, as this Trojan could just be spearhead of a new wave of attacks”, says Corrons.

All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free solution. It will carry out a complete inspection of the computer should there be any hints of infection.

More information about these and other threats is available in Panda Software’s Encyclopedia.