Email-Worm.Win32.Snapper

Class Email-Worm
Platform Win32
Description

Technical Details

Snapper spreads over the Internet in infected emails as a link to an infected website.

Infected emails contain the following HTML coded link:

Once the link is activated Snapper exploits a MS Internet Explorer vulnerability described in the MS03-040 Security Bulletin.

As a result, a script Trojan is downloaded and executed. The Trojan extracts and installs the main component of the worm into the system – IELOAD.DLL

Snapper is a PE dll file about 8 KB in size. It installs itself into the Windows system folder and is launched as a system library.

The worm harvests all email addresses from the MS Outlook address book and uses the local SMTP server to send emails to these addresses.

Find out the statistics of the threats spreading in your region