W32/Scold-A is a mass mailer that uses Microsoft Outlook to spread.
W32/Scold-A may arrive in the email with the following characteristics:
Subject line: One of -
"When It's Cold Outside She Gives Me Warm Inside"
"Re: When It's Cold Outside She Gives Me Warm Inside"
"Fw: When It's Cold Outside She Gives Me Warm Inside"
- followed by a random number of random characters.
Message text: One of -
"You will love this cute picture."
"Enjoy this great picture."
"Don´t miss this cool picture."
- followed by the rest of the message:
"============= Free Online Virus Scan =============
100% VIRUS FREE
No viruses or suspicious files were found in the attached file. "
The attached file will have a filename constructed from the same characters
that were used in the subject line, followed by a random number and an SCR extension.
When executed W32/Scold-A displays a photo of a seal, copies itself to the Windows folder as Warm.scr and sets following the registry entry with the path to this copy:
HKLM/Software/Microsoft/Windows/CurrentVersion/Run/ExeName32
W32/Scold-A sends itself to all entries from the Outlook Address Book and in addition searches for email addresses in HTM and HTML files from the IE Save folder and CTT files from the MY Documents folder.