W32.Mapson.C.Worm


Aliases: I-Worm.Mapson.c, Win32.Mapson.C, W32/Mapson.gen@MM
Variants: Win32/Mapson.C, worm_mapson.c

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Europe, North and South America, Australia, Asia
Removal: Hard
Platform: W32
Discovered: 01 Jul 2003
Damage: Medium

Characteristics: This is a type of mass mailing Worm variant which normally targets the contacts found in an Instant Messaging client. The W32.Mapson.C.Worm will send a copy of itself to these contacts using randomly generated subject line, message body, and file attachment names. Normally the file attachment used by this threat has an EXE, PIF, SCR, of COM file extension. The From field may be spoofed by the malware instead of hijacking the user's email account.

More details about W32.Mapson.C.Worm

This malware which was written using the Delphi programming language may utilize Peer to Peer file sharing clients as well as Internet Paging applications as transport mechanisms for the spreading of its infection to other vulnerable computer systems. Some computer security experts have observed that the W32.Mapson.C.Worm may institute some changes that will allow it to illegally and discretely terminate antivirus, system monitoring tool, and firewall services and protocols. During the initial execution of the W32.Mapson.C.Worm malware it will drop numerous PIF, SCR, and EXE format files into the same location as the operating system files. The W32.Mapson.C.Worm will also create a VXD file copy of itself and place it in the root directory of the main hard drive of the infected machine.

A corresponding Windows Registry key will be created by the W32.Mapson.C.Worm to make sure that it is loaded into the system memory every time the operating system is launched. It will scan the infected host for the presence of executable files that are associated with popular protection applications. Once found the W32.Mapson.C.Worm will terminate its processes without alerting the computer user. A copy of the W32.Mapson.C.Worm will be placed into the shared folder of all Peer to Peer file sharing clients found in the machine. Depending on the system date, the malware may either download additional files or display an message onscreen.