Sophos

Sophos blogs

W32/Snapper-A

Aliases
  • I-Worm.Snapper
  • W32.Snapper.A@mm
  • HTML_SNAPPER.A
Category
Type
What to do
Prevalence low high

Summary

 
Protection available since 25 March 2004 17:18:52 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

Please follow the instructions for removing worms.

Download and install the Microsoft patch mentioned above.

More Information

W32/Snapper-A spreads through the emails using a known IE vulnerability.

For more details see MS03-040.

When an infected message is opened the link to the malicious site is activated and a script component with the filename htmlhelp.cgi is executed.

When run htmlhelp.cgi extracts and the main component of the worm to the Windows system folder as IELOAD.DLL and launches it.

W32/Snapper-A sends infected messages to all entries in the Outlook address book.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer