Windows XP/2000/NT/ME/98/95

Mapson is a worm that does not have any destructive effects, which spreads via e-mail. After affecting a computer, it sends copies of itself to all the e-mail addresses in the Contact List of the instant messaging program MSN Messenger.

The e-mail message carrying Mapson has extremely variable characteristics. However, the subject and message are always in Spanish and the attached file almost always has a PIF extension.

As well as e-mail, Mapson also spreads through P2P (peer-to-peer) file sharing programs.

Mapson displays messages on screen and creates a large number of copies of itself on the computer.

Mapson is easy to recognize, as when it is run this worm displays the following message in Spanish on screen:

• Error
  Archivo Parcialmente Corrupto remplazelo por uno nuevo

Similarly, in July this worm displays two windows with the following characteristics:

• Title:
  Lorraine Worm [GEDZAC LABS 2003]
  Text:
  Creado por Falckon/GEDZAC
• Title:
  Lorraine Worm [GEDZAC LABS 2003]
  Text:
  Dedicado a mi G. Lorena R. S.,http://www.vsantivirus.com/renalo.htm

Finally on the fourth of each month, Mapson opens the Internet browser and displays a web page containing information about the worm author.