Threat Description

Email-Worm

Details

Aliases: Email-Worm
Category: Malware
Type: Email-Worm
Platform: W32

Summary



This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



This is the Email-Worm General Information page.

An Email-Worm (also known as a mass-mailer or less commonly an Internet worm) distributes copies of itself in an infectious e-mail attachment. Often, these infected e-mails are sent to e-mail addresses that the worm harvests from files on an infected computer.

For representative examples of email-worms, see:

Distribution

Email-Worm typically arrive as executable files attached to fake e-mail messages.

Some mass mailers randomly compose subjects and bodies of infected messages from words and phrases carried in the worm's own code; other worms use content found in randomly selected files in the infected computer to compose the e-mail message. The name of the file attachment can be either random, or 'borrowed' from other files.

Many worms send themselves as attachments with double extension, for example .MPG.EXE or AVI.PIF. In this case a recipient in most cases can only see the first extension. Because of that some users try to start such attachments thinking that these are multimedia files.

Execution

Email-worms normally use social engineering tactics to entice the user into opening and executing the e-mail attachment. As such, users can avoid infection by an email-worm by simply refusing to open any e-mail file attachments without first verifying its safety with the e-mail sender.

In some cases however, an infected attachment may contain an exploit that allows the e-mail worm to install and start automatically on the computer, without any user action. This is only possible if the e-mail client contains certain vulnerabilities.

Payload

Most worms nowadays include malicious routines (e.g.,password or data stealing), or carry viruses and backdoors inside them.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More