The Trojan reaches systems in e-mail messages with variable subjects and text bodies. Some of them are as follows:
Subject: "Error", "Good day", "hello" or "Mail Delivery System".
The Trojan is contained in an executable attachment to the message with a variable name.
If the user runs the file, SpamtaLoad.DO displays a false error message or opens the notepad and displays a text. This file downloads the Spamta.TQ worm to the system. This worm is designed to resend SpamtaLoad.DO to all of the e-mail addresses that it finds on the target computer.
"This type of malicious code is not usually the end in itself. In most cases, they are used as a red herring to distract security companies. While they concentrate efforts on removing them, cyber-crooks take the opportunity to launch other malicious code silently. These other specimens are usually far more dangerous," explains Luis Corrons, technical director of PandaLabs.
The members of the Spamta family of worms and Trojans have been very active over the last few years. Several waves of attacks caused by this family of malicious code have been detected, the latest at the end of November 2006.
"During these waves many variants of the same family are put in circulation in a very short time. Users should act with caution, as this Trojan could just be spearhead of a new wave of attacks", says Corrons.
The Spamta family has caused several epidemics over the last few months. They are usually launched to distract security companies and infect users with more harmful malware.
