W32/Snapper-A spreads through the emails using a known IE vulnerability.
For more details see MS03-040.
When an infected message is opened the link to the malicious site is activated and a script component with the filename htmlhelp.cgi is executed.
When run htmlhelp.cgi extracts and the main component of the worm to the Windows system folder as IELOAD.DLL and launches it.
W32/Snapper-A sends infected messages to all entries in the Outlook address book.