The modus operandi of the attack is as follows: cyber-crooks send out massive amounts of e-mails containing the SpamtaLoad.DW Trojan. When it is installed on a computer, this Trojan downloads the Spamta.WF worm which, in turn, is designed to send an e-mail with the Trojan to all addresses it finds on the computer. And so the cycle goes on.
"This is the second case of a combined attack that we have recorded in the last two weeks. The creators of these malicious codes are seemingly collecting vast quantities of e-mail addresses which can then be used, for example, for sending spam," explains Luis Corrons, technical director of PandaLabs.
The subject and the content of the e-mails with SpamtaLoad.DW are variable. Examples of subjects include: Error, Good day, hello, etc. The file that contains the malware has names such as body, data or doc and a range of extensions.
SpamtaLoad.DW is installed on computers with a text file icon, although it is really an executable file. When a user opens it to see its content they are really executing the file and infecting their computer. To divert the user's attention, the Trojan displays an error message.
Once installed, SpamtaLoad.DW then downloads Spamta.WF which then resends SpamtaLoad.DW to the e-mail addresses it finds on the computer.
