What is Win32/Malas.C

Win32/Malas.C is a network worm that propagates through mapped network drives and peer-to-peer networks.

How Win32/Malas.C propagates and spreads

Win32/Malas.C generally uses two methods to infect computers and spread itself.

Via Network Drives

The worm spreads via mapped network drives by searching for any logical drive and attempting to drop the following files there:

\autoply.exe
\Autorun.inf
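A defender can check drive roots for this pair of files. The following triage script is an added example, not part of the original description. It assumes that the dropped Autorun.inf launches autoply.exe through a standard launch key (open, shellexecute or shell\...\command), which the description above does not state; the function names and verdict labels are illustrative.

```python
import os

# File names the description lists as dropped into the root of each logical drive.
DROPPED = ("autoply.exe", "autorun.inf")
# Autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(inf_path):
    """Return the lower-cased launch targets named in an Autorun.inf file."""
    targets = []
    with open(inf_path, "rb") as fh:
        text = fh.read().replace(b"\x00", b"").decode("latin-1")
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
            targets.append(value.strip().strip('"').lower())
    return targets

def scan_root(root):
    """Classify one drive root as 'match', 'review', 'clean' or 'unreadable'."""
    try:
        names = {n.lower(): n for n in os.listdir(root)}
    except OSError:
        return {"root": root, "present": [], "verdict": "unreadable"}
    present = [names[n] for n in DROPPED
               if n in names and os.path.isfile(os.path.join(root, names[n]))]
    launches = False
    inf = names.get("autorun.inf")
    if inf in present:
        targets = autorun_targets(os.path.join(root, inf))
        # Assumption: the dropped Autorun.inf points at the dropped executable.
        launches = any(os.path.basename(t.replace("\\", "/").split()[0]) == "autoply.exe"
                       for t in targets if t)
    if len(present) == 2 or launches:
        verdict = "match"
    elif present:
        verdict = "review"   # e.g. a lone Autorun.inf on installation media
    else:
        verdict = "clean"
    return {"root": root, "present": present, "verdict": verdict}

if __name__ == "__main__":
    import string
    for letter in string.ascii_uppercase:       # every possible logical drive
        root = letter + ":\\"
        if os.path.isdir(root):
            print(scan_root(root))
```

A "review" verdict is expected on legitimate installation media, where an Autorun.inf exists without autoply.exe beside it.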

Via Peer-to-Peer Networks

To propagate via peer-to-peer (P2P) network shares, Win32/Malas.C searches for the following directories relating to popular P2P programs:

%Program Files%\Kazaa Lite\My Shared Folder\
%Program Files%\Kazaa\My Shared Folder\
%Program Files%\Edonkey2000\Incoming\
%Program Files%\Icq\Shared Files\
%Program Files%\emule\incoming\
%Program Files%\Gnucleus\Downloads\Incoming\
%Program Files%\KMD\My Shared Folder\
%Program Files%\Limewire\Shared\
%Program Files%\XPCode\
C:\Inetpub\ftproot\

Win32/Malas.C is also known as:

W32/Bindo.worm (McAfee), INF/Malas.C, Worm:Win32/Malas.gen (MS OneCare), P2P-Worm.Win32.Malas.h (Kaspersky), WORM_MALAS.I (Trend), W32/Malas-B (Sophos), W32.SillyFDC (Symantec)