When Spamta.VK infects a computer, it connects to several servers to send out massive amounts of e-mails. These e-mails include a copy of Spamtaload.DT, generally hidden in an executable file. Spamtaload.DT, in turn, downloads a copy of Spamta.VK to each computer it infects, starting the infection cycle all over again.
"This is a clear example of a combined attack. The worm's propagation features are used to distribute the Trojan, which, in turn, ensures proliferation by infecting each computer with a new copy of the worm. This technique explains the large number of infections reported," says Luis Corrons, Technical Director of PandaLabs.
Spamtaload.DT Trojan has an icon similar to that of text files. When run, it shows an error message and creates a key in the Registry Windows to ensure it is run every time the system is started up.
The Spamta.VK worm downloads several malicious files once it is run and connects to several servers to send itself out by e-mail.
"The attacks of Spamta codes usually involve the appearance of several variants in a short period of time. This aims at having security companies and users concentrate on one or a few variants, whereas the rest go completely unnoticed and continue to infect. Users should be on their guard against the possibility of new malicious codes appearing," said Corrons.
