Home > Threat descriptions >



Category: Malware

Type: Email-Worm

Aliases: Email-Worm


This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

An Email-Worm (also known as a mass-mailer or less commonly an Internet worm) distributes copies of itself in an infectious e-mail attachment. Often, these infected e-mails are sent to e-mail addresses that the worm harvests from files on an infected computer.

For representative examples of email-worms, see:


Email-Worm typically arrive as executable files attached to fake e-mail messages.

Some mass mailers randomly compose subjects and bodies of infected messages from words and phrases carried in the worm's own code; other worms use content found in randomly selected files in the infected computer to compose the e-mail message. The name of the file attachment can be either random, or 'borrowed' from other files.

Many worms send themselves as attachments with double extension, for example .MPG.EXE or AVI.PIF. In this case a recipient in most cases can only see the first extension. Because of that some users try to start such attachments thinking that these are multimedia files.


Email-worms normally use social engineering tactics to entice the user into opening and executing the e-mail attachment. As such, users can avoid infection by an email-worm by simply refusing to open any e-mail file attachments without first verifying its safety with the e-mail sender.

In some cases however, an infected attachment may contain an exploit that allows the e-mail worm to install and start automatically on the computer, without any user action. This is only possible if the e-mail client contains certain vulnerabilities.


Most worms nowadays include malicious routines (e.g.,password or data stealing), or carry viruses and backdoors inside them.