Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It exploits two Internet Explorer vulnerabilities in order to spread via e-mail.|
|Detection updated on:||March 24, 2004|
Snapper.A is a worm that spreads via e-mail. It is automatically activated when the e-mail message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer, which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame.
This exploit points to an HTML page, from which a file with a CGI extension is downloaded. This file exploits another vulnerability, known as Object Data Remote Execution, in order to run a Visual Basic Script code, which creates a DLL (Dynamic Link Library) in the Windows directory. This DLL provides the functionalities of the worm.
Snapper.A checks if several processes are active. For example, NAVAPW32.EXE, CCAPP.EXE, OUTPOST.EXE and SPIDERML.EXE.
Snapper.A is difficult to recognize, as it does not show any messages or warnings that indicate it has reached the computer.