Threat description




This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

This is the Email-Worm General Information page.

An Email-Worm (also known as a mass-mailer or less commonly an Internet worm) distributes copies of itself in an infectious e-mail attachment. Often, these infected e-mails are sent to e-mail addresses that the worm harvests from files on an infected computer.

For representative examples of email-worms, see:


Email-Worm typically arrive as executable files attached to fake e-mail messages.

Some mass mailers randomly compose subjects and bodies of infected messages from words and phrases carried in the worm's own code; other worms use content found in randomly selected files in the infected computer to compose the e-mail message. The name of the file attachment can be either random, or 'borrowed' from other files.

Many worms send themselves as attachments with double extension, for example .MPG.EXE or AVI.PIF. In this case a recipient in most cases can only see the first extension. Because of that some users try to start such attachments thinking that these are multimedia files.


Email-worms normally use social engineering tactics to entice the user into opening and executing the e-mail attachment. As such, users can avoid infection by an email-worm by simply refusing to open any e-mail file attachments without first verifying its safety with the e-mail sender.

In some cases however, an infected attachment may contain an exploit that allows the e-mail worm to install and start automatically on the computer, without any user action. This is only possible if the e-mail client contains certain vulnerabilities.


Most worms nowadays include malicious routines (e.g.,password or data stealing), or carry viruses and backdoors inside them.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info