Aliases: Worm.P2P.Milcan, W32/Milcan.worm!p2p
Variants: W32/Mant.A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 08 Aug 2003
Damage: Low

Characteristics: The presence of this Worm in a vulnerable computer system leads to an exploitation of specific Peer to Peer file sharing networks which are used to spread its malicious codes. The W32.Mant.Worm will function by creating a critical degree of instability in its host computer system. This malware negatively impacts majority of the system services, protocols, and applications either by illegally terminating them or preventing their correct execution. It has mass mailing functionality.

More details about W32.Mant.Worm

Since the W32.Mant.Worm has been designed to target specific Peer to Peer file sharing networks, its execution in the local machine will initially check for the presence of clients associated with these networks. If the associated Peer to Peer file sharing clients are not present in the compromised machine it will terminate and display an error message on the computer screen. However, if the applications are found, the W32.Mant.Worm will create an instance of itself into the shared folder used by the Peer to Peer file sharing client. The Worm's file copy makes use of an executable file format with the filename attempting to appear as a legitimate application. Executable copies of the W32.Mant.Worm are also placed in the directory of the operating system.

When the W32.Mant.Worm successfully installs itself into a compromised computer system the host machine may fail to respond requiring the machine to be hard booted. According to most antivirus developers this malware does not have a destructive payload nor does it create an entry in the Startup group of the operating system. Aside from using mass mailing functionalities, the W32.Mant.Worm can also take advantage of poorly protected network shares as its transport media to spread its infection to other computer systems. Generally the presence of the W32.Mant.Worm in a vulnerable computer system can lead to erratic Internet connection behavior.