W32.Glitchy.int


Aliases: WORM_GLITCH.A, Win32/Glih.A@mm, Worm/Glitchy, Win32.Glitch.A@mm, Win32/Glitch.A
Variants: Email-Worm.Win32.Glitchy, I-Worm.Glitchy, W32/Hlitch, Win32.HLLM.Glitch.62464, W32/Glitchy-A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 27 Jun 2002
Damage: Low

Characteristics: The most noticeable payload associated with the W32.Glitchy.int infection is the hijacking of the user's email account in the infected machine. This account is used by the malware to send numerous spam messages to other computer systems. The subject line and message body may contain random messages. In some instances the email messages do not have file attachments which is quite unique for a mass mailing malware.

More details about W32.Glitchy.int

An infection resulting from the presence of the W32.Glitchy.int Trojan Horse in a compromised computer system highlights a vulnerability associated with the Windows Address Book. Like most threats in its category, this malware will attempt to harvest the contents of the Windows Address Book and make them targets for the spreading of its codes. The propagation routine for the W32.Glitchy.int however seems to vary in the sense that it randomly chooses computer systems that it will make as transport mechanisms. A computer system which receives the W32.Glitchy.int codes without email attachments will only experience a message box display with the text "Glitch Have a nice day!". No other effects have been identified with this particular routine so far.

It is also entirely possible that other variants of the W32.Glitchy.int may include a file attachment to the spam email which is intended to harvest the contents of the Windows Address Book of the targeted machine. The W32.Glitchy.int has also been observed to avoid modifying Windows Registry keys of the compromised machine. This means that manual removal can be as simple as simultaneously pressing the CTRL, ALT, and DEL keys on the keyboard and terminating its background process, files associated with the malware must be removed. Restarting the computer system is highly recommended to clear the memory of any traces.