Win32/Snowflake.A

Posted: December 14, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	5/10
Infected PCs:	23

First Seen:	December 14, 2011
Last Seen:	January 4, 2023
OS(es) Affected:	Windows

Win32/Snowflake.A is a worm, which works to spread and distribute its malicious infection without any kind of human assistance or intervention. In order to be able to propagate itself without any kind of human help, Win32/Snowflake.A is able to corrupt and infect various kinds of removable drives, such as writable CDs and memory sticks, by making copies of itself and attaching them to the root of these kinds of drives.

According to SpywareRemove.com malware analysts, one of the primary methods in which Win32/Snowflake.A is reported to work to distribute itself via maliciously spam email attachments. The most obvious sign of a successful Win32/Snowflake.A breach and infection is its intentional alteration of infected systems' Desktop image to a random snowflake image; this is most likely how this threat also got its identified name.

Capable of wrecking all kinds of serious and notable havoc on systems that Win32/Snowflake.A infects successfully, SpywareRemove.com malware analysts seriously recommend that you immediately work to remove this worm from your systems as soon as you have detected its malicious presence. Remove Win32/Snowflake.A before it has had the chance to harm your system.

Malicious Spam Associations of Win32/Snowflake.A

Once Win32/Snowflake.A infects computers, it seeks out and specifically targets any contact lists stored in email-type web applications. This worm works to do this because it helps Win32/Snowflake.A to distribute its malicious infection. As a worm that is being propagated mostly via infected spam email attachments, it makes perfect sense that this threat would seek out vulnerable email accounts to procure as accomplices for its distributing deeds.

By stealing any stored contact list saved on compromised computers, Win32/Snowflake.A is able to make copies of itself and then spam the copies out to every single, individual contact listing that may be stored on an infected computer system; thus, utilizing its victims contact lists to continue the vicious cycle.

Win32/Snowflake.A's Various Advertising Functions

The primary payload of Win32/Snowflake.A is forcing advertisements onto infected computers. To achieve this, Win32/Snowflake.A downloads and promotes various advertising applications onto computers. The reason that Win32/Snowflake.A works so steadily to achieve this is because these types of programs earn money for this threat's creators.

With this in mind, it follows that this worm is also skilled at delivering all kinds of annoying pop-up commercial advertisements to computer users' Desktops. In short, the primary function of this worm is to deliver a constant stream of commercial advertisements and unwanted programs onto computers.

Additionally, Win32/Snowflake.A is quite good at forcing browser redirection by forcing infected systems' web browsers to visit the particular websites of Win32/Snowflake.A's choosing – which usually means various websites that are associated with this threat's advertising functions. A Win32/Snowflake.A infection is also known to consume an enormous amount of system resources, which can cause any computer system infected with this computer worm to sun dramatically slowly.

Win32/Snowflake.A

Threat Metric

Malicious Spam Associations of Win32/Snowflake.A

Win32/Snowflake.A's Various Advertising Functions

Leave a Reply