Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 19 December 2006 06:25:05 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Semail-A is an email worm for the Windows platform.
W32/Semail-A includes functionality to access the internet and communicate with a remote server via HTTP.
The email may also have the following properties:
- Subject line consisting of one of the following:
  - Le nostre foto <recipient>
  - Le foto che volevi <recipient>
- An attachment named ierifoto.zip
- An email body written in Italian referencing a remote website.
When first run, W32/Semail-A copies itself to <System>\Winsystens\gratis-tutto.EXE and <Windows>\$hf_mig$\KB090545\target.dat.
W32/Semail-A may modify <System>\drivers\etc\hosts.
W32/Semail-A also creates the following files:
- <Windows>\$hf_mig$\KB090545\semail.exe
- <Windows>\$hf_mig$\KB090545\semail.tpl
- <User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Foto.lnk
- <Desktop>\Foto.lnk
- <Start Menu\Programs>\Foto.lnk
The file semail.exe is also detected as W32/Semail-A. The file semail.tpl is a non-malicious text file that contains temporary SMTP data created when W32/Semail-A emails itself. The Foto.lnk files are shortcuts to W32/Semail-A, intended to encourage the user to launch the worm.
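The file artifacts listed above can be checked on a live host or on a disk image mounted on an analysis machine. The following is an added example, not Sophos code: it matches names case-insensitively, as Windows does, so it also works when the image is mounted on a case-sensitive filesystem. The `roots` mapping from the page's placeholders to real directories and all function names are assumptions.

```python
import re
from pathlib import Path

# File artifacts exactly as listed in the write-up; <...> are its placeholders.
INDICATORS = [
    r"<System>\Winsystens\gratis-tutto.EXE",
    r"<Windows>\$hf_mig$\KB090545\target.dat",
    r"<Windows>\$hf_mig$\KB090545\semail.exe",
    r"<Windows>\$hf_mig$\KB090545\semail.tpl",
    r"<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Foto.lnk",
    r"<Desktop>\Foto.lnk",
    r"<Start Menu\Programs>\Foto.lnk",
]

def find_ci(base, parts):
    """Walk parts under base ignoring case, as Windows would; None if absent."""
    cur = Path(base)
    for part in parts:
        if not cur.is_dir():
            return None
        matches = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        cur = matches[0]
    return cur

def scan(roots):
    """roots (assumed mapping) ties a placeholder name such as 'System' to the
    real directory on the live host or mounted image. Returns indicators found."""
    hits = []
    for indicator in INDICATORS:
        name, rel = re.match(r"<([^>]+)>\\(.+)", indicator).groups()
        base = roots.get(name)
        if base and find_ci(base, rel.split("\\")) is not None:
            hits.append(indicator)
    return hits

def hosts_entries(system_dir):
    """Active (non-comment) hosts lines for manual review (page names no entries)."""
    hosts = find_ci(system_dir, ["drivers", "etc", "hosts"])
    if hosts is None or not hosts.is_file():
        return []
    lines = (l.strip() for l in hosts.read_text(errors="replace").splitlines())
    return [l for l in lines if l and not l.startswith("#")]

if __name__ == "__main__":
    # Constructed example roots for a default Windows layout (assumption).
    roots = {"System": r"C:\WINDOWS\system32", "Windows": r"C:\WINDOWS"}
    print(scan(roots), hosts_entries(roots["System"]))
```

Placeholders missing from `roots` are skipped, so add `User`, `Desktop` and `Start Menu\Programs` entries for each profile you want covered.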

