Anti-virus software company Panda Software has recently detected a rapid increase in the number of incidents caused by a new variant of the Spamta worm.
These waves of malicious code are essentially aimed at creating a crisis that forces security companies to focus their efforts on countering these particular threats. Meanwhile, the creators of this malware launch other, more surreptitious threats that may actually be more dangerous.
This behaviour is consistent with the new malware dynamic that Panda Software has been monitoring for some time, and this case in particular is typical of one of the classic strategies: distraction. While users believe they are protected against the latest malicious code, such as Spamta, other, more selective programs, such as the Briz Trojan, can target specific computers. The payload of Briz is more dangerous than that of Spamta, as it is designed to steal passwords for the websites of certain online banks, and because it has been custom-made it could slip past antivirus detection unnoticed.
Spamta.NB, the version detected in this latest wave, spreads from computer to computer via email. It is based on an earlier worm, SpamtaLoad.BL, which also spread via email in messages with a variable subject line (Error, Good day, hello, etc.). The variants with subjects such as "Mail Delivery System", "Mail server report" or "Mail Transaction Failed" pose the greatest threat, as users are more likely to take them for notifications of undelivered messages and open the mail to see what has happened.
The message bodies are also variable and frequently refer to problems with mail management systems. The messages also carry an attachment whose displayed extension is false: the executable that actually contains the malicious code has a real extension of CMD, DAT, EXE, PIF or SCR.
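The lure described in the two paragraphs above (a bounce-style subject plus an attachment whose displayed extension hides an executable) can be triaged mechanically at the mail gateway. The script below is an added example, not Panda Software's code and not derived from a real Spamta sample: it parses a message with Python's standard email library, works out the attachment's real extension, flags double-extension or whitespace-padded names, and, going a step beyond the text, also checks the attachment bytes for the "MZ" signature of a Windows executable so that a ".dat" that is really a PE file is caught without any double extension. The decoy-extension list, the three sample messages and the stub "MZ" payload are constructed assumptions.

```python
"""Triage Spamta-style lure mail: a bounce-like subject plus an attachment whose
displayed extension hides an executable.  Added example; not Panda's own code."""
import email
import re
from email import policy
from email.message import EmailMessage

# Real extensions the article lists for the Spamta.NB attachment.
EXECUTABLE_EXTS = {"cmd", "dat", "exe", "pif", "scr"}
# Assumed "harmless-looking" extensions a disguised name would show first.
DECOY_EXTS = {"txt", "doc", "pdf", "htm", "html", "log", "msg", "eml", "zip"}
# Subject lines the article singles out as the most effective lures.
BOUNCE_SUBJECTS = ("mail delivery system", "mail server report", "mail transaction failed")


def analyse_filename(name):
    """Return the real extension of an attachment name and whether it is disguised.

    A disguise here is a harmless-looking extension followed by whitespace padding
    and/or a second, executable extension: 'report.txt        .scr', 'invoice.doc.exe'.
    Only the last extension decides what Windows will run.
    """
    collapsed = re.sub(r"\s+", " ", name.strip())
    parts = [p.strip() for p in collapsed.lower().split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    decoy_ext = parts[-2] if len(parts) > 2 else ""
    padded = re.search(r"\s\.[^.\s]+$", collapsed) is not None  # '...txt .scr'
    disguised = real_ext in EXECUTABLE_EXTS and (decoy_ext in DECOY_EXTS or padded)
    return {"real_ext": real_ext, "decoy_ext": decoy_ext, "disguised": disguised}


def inspect_message(raw):
    """Parse one raw RFC 822 message and report lure subject and attachment risk."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["subject"] or "").strip()
    lure_subject = any(s in subject.lower() for s in BOUNCE_SUBJECTS)
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        info = analyse_filename(name)
        info["name"] = name
        data = part.get_payload(decode=True) or b""
        # Name-independent check: a Windows PE executable starts with 'MZ', so a
        # '.dat' that is really a PE file is caught even without a double extension.
        info["pe_header"] = data.startswith(b"MZ")
        info["suspicious"] = info["disguised"] or info["pe_header"]
        attachments.append(info)
    verdict = "quarantine" if any(a["suspicious"] for a in attachments) else "allow"
    return {"subject": subject, "lure_subject": lure_subject,
            "attachments": attachments, "verdict": verdict}


def build_samples():
    """Three constructed messages (not real Spamta samples): two lures, one benign."""
    def make(subject, body, filename, data):
        m = EmailMessage()
        m["From"] = "postmaster@example.net"
        m["To"] = "user@example.com"
        m["Subject"] = subject
        m.set_content(body)
        m.add_attachment(data, maintype="application", subtype="octet-stream",
                         filename=filename)
        return m.as_bytes()

    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub: just the DOS signature
    return [
        make("Mail Transaction Failed",
             "The original message was included as an attachment.",
             "report.txt        .scr", fake_pe),
        make("Good day", "Please find the file attached.",
             "document.dat", fake_pe),
        make("Meeting notes", "Notes from today's meeting attached.",
             "notes.pdf", b"%PDF-1.4\n%constructed placeholder\n"),
    ]


def scan_samples():
    """Run the triage over the constructed samples and return the verdicts."""
    return [inspect_message(raw) for raw in build_samples()]


if __name__ == "__main__":
    for r in scan_samples():
        print(f"{r['verdict']:10} lure_subject={r['lure_subject']!s:5} {r['subject']!r}")
        for a in r["attachments"]:
            print(f"    {a['name']!r}: real_ext={a['real_ext']} "
                  f"disguised={a['disguised']} pe={a['pe_header']}")
```

A genuine non-delivery report carries the same subject lines, so the subject is reported only as context; the verdict rests on the attachment. The first sample is quarantined for its padded double extension and its PE header, the second purely for the PE header behind a plain ".dat" name, and the PDF is allowed.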
These waves of malicious code could increase, and according to Luis Corrons, Director of PandaLabs, “This type of activity often peaks over the Christmas period, and with users making more purchases online, the security of their systems could be compromised if they do not have adequate protection installed.”