W32/Semail-A

Category: Viruses and Spyware
Protection available since: 18 Dec 2006 00:00:00 (GMT)
Type: Win32 worm
Last Updated: 18 Dec 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

W32/Semail-A is an email worm for the Windows platform.

W32/Semail-A includes functionality to access the internet and communicate with a remote server via HTTP.

Emails sent by the worm may have the following properties:

Subject line consisting of one of the following:
Le nostre foto <recipient>
Le foto che volevi <recipient>

An attachment named:
ierifoto.zip

An email body written in Italian referencing a remote website.
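A mail-gateway style check for the subject lines and attachment name listed above, as an added example that is not part of the original description. It assumes `<recipient>` is text appended after the fixed phrase; the function names and sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above. Assumption: <recipient> is
# free text that follows the fixed Italian phrase in the subject line.
SUBJECT_RE = re.compile(r"^\s*(Le nostre foto|Le foto che volevi)\b", re.IGNORECASE)
ATTACHMENT_NAME = "ierifoto.zip"


def semail_indicators(raw_message):
    """Return which W32/Semail-A email indicators a raw message matches."""
    # policy.default decodes RFC 2047 encoded headers and attachment names.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT_NAME:
            hits.append("attachment")
            break
    return hits


def build_sample(subject, filename):
    """Build a constructed test message (harmless placeholder attachment)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "alice@example.test"
    msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Le nostre foto alice@example.test", "ierifoto.zip"),
        ("Le foto che volevi alice", "report.zip"),
        ("Quarterly report", "summary.zip"),
    ]
    for subject, filename in samples:
        print(subject, "->", semail_indicators(build_sample(subject, filename)))
```

A message matching both indicators is a strong candidate for quarantine; a subject match alone is weaker, since the phrases are ordinary Italian.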

When first run, W32/Semail-A copies itself to <System>\Winsystens\gratis-tutto.EXE and <Windows>\$hf_mig$\KB090545\target.dat.

W32/Semail-A may modify <System>\drivers\etc\hosts.

W32/Semail-A also creates the following files:

<Windows>\$hf_mig$\KB090545\semail.exe
<Windows>\$hf_mig$\KB090545\semail.tpl
<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Foto.lnk
<Desktop>\Foto.lnk
<Start Menu\Programs>\Foto.lnk

The file semail.exe is also detected as W32/Semail-A. The file semail.tpl is a non-malicious text file that contains temporary SMTP data created when W32/Semail-A emails itself. The Foto.lnk files are shortcuts to W32/Semail-A, intended to encourage the user to launch the worm.