W32.Snapper.A@mm


Aliases: I-Worm.Snapper, W32/Snapper@MM, Win32.HLLM.Mistral.8704, W32/Snapper-A, Win32/Snapper.A
Variants: WORM_SNAPPER.A, Worm/Snapper.2, Win32:Snapper, I-Worm/Snapper.A, Backdoor.Snapper.A@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 24 Mar 2004
Damage: Medium

Characteristics: W32.Snapper.A@mm is a worm that propagates to all the contacts in the W32 Address Book. It doesn’t send itself as an email attachment. Instead, it relies on a vulnerability that enables W32.Snapper.A@mm to automatically download and install the worm when the email is executed.

More details about W32.Snapper.A@mm

W32.Snapper.A@mm is a worm that propagates to all the contacts in the W32 Address Book. It doesn’t send itself as an email attachment. Instead, it relies on a vulnerability that enables W32.Snapper.A@mm to automatically download and install the worm when the email is executed. The W32.Snapper.A@mm application consists of a “.dll” file, which can be found in these locations: “%Windir%\ieload.dll” and “%System%\ieload.dll”. When the “.dll” is added, it copies itself as “%System%\ieload.dll”. The .dll then registers itself as a “Browser Helper Object”.
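A host check for the artifacts named above, written as an added example that is not part of the original write-up: it looks for ieload.dll in the Windows and system directories and lists any Browser Helper Object whose registered DLL is ieload.dll. The registry locations are the standard Windows BHO and CLSID keys and the SysWOW64 directory is an extra location for 64-bit hosts; none of these come from this page, and the function names are hypothetical.

```powershell
# Added example. Standard Windows BHO/CLSID locations (assumption: not from the page).
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Find-IeloadFiles {
    # %Windir% and %System% from the write-up; SysWOW64 added for 64-bit hosts.
    $dirs = @($env:windir, [Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))
    foreach ($d in ($dirs | Select-Object -Unique)) {
        $p = Join-Path $d 'ieload.dll'
        if (Test-Path -LiteralPath $p) {
            $f = Get-Item -LiteralPath $p -Force   # -Force also returns hidden files
            [pscustomobject]@{
                Path     = $f.FullName
                Size     = $f.Length
                Modified = $f.LastWriteTimeUtc
                SHA256   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        }
    }
}

function Find-IeloadBho {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid = $sub.PSChildName
            # A BHO's DLL path is the default value of its CLSID's InprocServer32 key.
            $srv = Join-Path (Join-Path $v.Clsid $clsid) 'InprocServer32'
            if (-not (Test-Path -LiteralPath $srv)) { continue }
            $dll = (Get-Item -LiteralPath $srv).GetValue('')
            if ($dll -and ((Split-Path $dll.Trim('"') -Leaf) -ieq 'ieload.dll')) {
                [pscustomobject]@{ Clsid = $clsid; Dll = $dll; BhoKey = $sub.Name }
            }
        }
    }
}

$files = @(Find-IeloadFiles)
$bhos  = @(Find-IeloadBho)
$files + $bhos | Format-List
if ($files.Count -or $bhos.Count) { Write-Warning 'ieload.dll artifacts present; investigate this host.' }
else { 'No ieload.dll file or BHO registration found.' }
```

A clean result from a live system is not conclusive if a rootkit is hiding the files; running the same check against an offline image of the disk avoids that.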

This Trojan application connects to remote file servers to download and install unwanted files and programs on the affected computer. These components are said to contain malware code and other files that may weaken the computer’s security. The W32.Snapper.A@mm worm will probably use additional applications to further compromise the system. It may use a rootkit tool to hide the presence of the downloader Trojan on the computer. The rootkit may hide the downloader Trojan’s own files and the files it downloads, and it may also rename the application’s process. This makes the program hard to detect and remove. Rootkit tools may also terminate security applications on the computer, such as personal firewalls and anti-malware applications.