W32/Snapper-A

Aliases	I-Worm.Snapper W32.Snapper.A@mm HTML_SNAPPER.A
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Sophos beta program
Register now for our latest beta tests

Download and install the Microsoft patch mentioned above.

W32/Snapper-A spreads through the emails using a known IE vulnerability.

For more details see MS03-040.

When an infected message is opened the link to the malicious site is activated and a script component with the filename htmlhelp.cgi is executed.

When run htmlhelp.cgi extracts and the main component of the worm to the Windows system folder as IELOAD.DLL and launches it.

W32/Snapper-A sends infected messages to all entries in the Outlook address book.

Get reports about the latest virus and spyware threats delivered to your computer