x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Mapson.D

 
Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Mapson.D
Technical name:W32/Mapson.D.worm
Threat level:Medium
Alias:I-Worm.Mapson.d, W32/Mapson.gen@MM
Type:Worm
Effects:  It ends processes belonging to system monitoring, antivirus and firewall applications

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:Sept. 1, 2003
Detection updated on:March 16, 2005
StatisticsNo
Country of origin:MEXICO

Brief Description 

    

Mapson.D is a dangerous worm that spreads via e-mail, through peer-to-peer (P2P) file sharing programs, across networks and via IRC channels.

Mapson.D ends many processes belonging to system tools and antivirus and firewall programs. By doing this, the worm leaves the infected computer vulnerable to the attack from other viruses and worms.

Mapson.D sends information on the infected computers to the creator of the virus: system date, user name, version of the operating system, IP address, etc.

On Windows NT computers, it starts a Telnet session with the user GEDZAC, who is given local administrator rights by the worm. This allows Mapson.D to validate on the IP addresses received.

Visible Symptoms 

    

It is difficult to know if Mapson.D has reached your computer, as the e-mail message or P2P files carrying the worm have variable characteristics.

On Windows NT computers, it starts a Telnet session, which increases traffic on the port 23.