Aliases: W32/Mular
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 29 Mar 2006
Damage: Low

Characteristics: W32.Mular.A is a P2P worm that propagates through the file sharing application eMule. Its infection routine begins by copying itself to the eMule application’s shared folder on the compromised machine. Once the malware has planted a copy of itself under a typical name in the shared folder, the peer-to-peer (P2P) network takes over.

More details about W32.Mular.A

When the peer-to-peer network takes over, it notifies other eMule users of the new resource and supplies the framework needed to download and run the infected file. Other, more complex peer-to-peer worms can even emulate the protocols of specific file sharing networks. Such worms respond positively to all incoming requests and serve infected files containing the worm’s code to everyone on the network. Once launched on the affected system, W32.Mular.A creates a .rar file and an .exe file as well as some folders. It then adds a value to a registry subkey so that it executes each time Windows starts. The worm also alters some settings of the eMule file sharing application.

The malware also creates three other files with the extensions .exe, .rar and .nfo and tries to propagate by creating .rar archives in eMule’s shared folder. The .rar archives contain the worm’s copy and may also contain some non-malicious files. The filenames of W32.Mular.A’s dropped files are chosen from a predefined list contained on one of the websites the worm can access. It then connects to the predetermined websites to report back to its remote master.

To avoid infection with this malware, users can turn off file sharing when it is not really needed. If file sharing is necessary, users are advised to use password protection and ACLs to limit unwanted access. Users can likewise disable anonymous access to shared folders.