Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- March 24, 2004
- Updated:
- February 13, 2007 12:20:12 PM
- Also Known As:
- I-Worm.Snapper [Kaspersky], W32/Snapper@MM [McAfee], Snapper [F-Secure]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Snapper.A@mm is a worm that spreads to all the contacts in the Windows Address Book. It does not send itself as an email attachment. Instead, it exploits the Internet Explorer Object Tag Vulnerability that is described in Microsoft Security Bulletin MS03-032. This vulnerability allows W32.Snapper.A@mm to automatically download and install the worm when the email is opened.
The email has the following characteristics:
From: <Spoofed>
Subject: Re:
Message: The message body consists of the following HTML code, which will appear to be a blank message when loaded by most mail clients:
<HTML><BODY><IFRAME src='http://<omitted>/banner.htm' style='display:none'></IFRAME></HTML></BODY>
Antivirus Protection Dates
- Initial Rapid Release version March 24, 2004
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version March 24, 2004
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date March 24, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Difficult
Damage
- Damage Level: Medium
Distribution
- Distribution Level: High
Writeup By: Heather Shannon
