Class | Email-Worm |
Platform | Win32 |
Description |
Technical DetailsSnapper spreads over the Internet in infected emails as a link to an infected website. Infected emails contain the following HTML coded link: Once the link is activated Snapper exploits a MS Internet Explorer vulnerability described in the MS03-040 Security Bulletin. As a result, a script Trojan is downloaded and executed. The Trojan extracts and installs the main component of the worm into the system – IELOAD.DLL Snapper is a PE dll file about 8 KB in size. It installs itself into the Windows system folder and is launched as a system library. The worm harvests all email addresses from the MS Outlook address book and uses the local SMTP server to send emails to these addresses. |