Threat Encyclopedia



  • Virus is 32bit with a compressed file size of 28,160 bytes, and is a minor variant of W32/Scold.A-mm
  • Virus is introduced to a target system via an email attachment from another infected user
  • If the virus is run, it may copy itself to the undefinedWindowsundefined folder as "warm.scr" and modify the registry to auto run this virus at next Windows startup

    ExeName32 = C:\WINNT\warm.scr

  • The virus will create an email message for each contact listed in the Windows address book - the email message may be slightly varied with the following properties -

    Subject: undefinedxundefined When It´s Cold Outside She Gives Me Warm Inside undefinedrandom
    Body 1:
    You will love this cute picture.

    Body 2:
    Enjoy this great picture.

    Body 3:
    Don't miss this cool picture.

    Additional Body:
    ============= Free Online Virus Scan =============
    100undefined VIRUS FREE
    No viruses or suspicious files were found in the attached file.
    Attachment: undefinedrandomundefined.scr

  • In the example above, undefinedxundefined is either "", "Fw:" or "Re:", and undefinedrandomundefined is random letters

recommended-action-logoRecommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

  • Enable blocking of .SCR file attachments using FortiGate manager interface for POP3, SMTP and IMAP email services
  • Add the following words to the Email quarantine feature of FortiGate -


  • Configure email server applications to quarantine emails tagged by FortiGate and delete as necessary

Telemetry logoTelemetry