Aliases: packed/upack, w32.hitapop, new malware.aj, Trojan.Win32.Delf.nyo
Variants: Downloader-AZN!c3f98a074fe8, TrojanSpy:Win32/Hitpop.gen!B, Win32/Spy.Pophot Trojan

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, Australia, North and South America, Europe
Removal: Easy
Platform: W32
Discovered: 01 Dec 2006
Damage: Low

Characteristics: In most infections, W32.Hitapop has been observed lowering the security settings of the compromised computer system. This in turn may allow more dangerous code to enter and negatively impact the overall performance of the machine. The threat was designed to use removable storage devices as a transport mechanism to spread its infection to other computer systems and network environments.

More details about W32.Hitapop

Support file components associated with this malware include executable, configuration, Dynamic Link Library, and SCR file types. The executable and screensaver (SCR) components hold a copy of the W32.Hitapop malware, which causes the infection in a vulnerable computer system. The malware also modifies the Windows Registry so that it loads on every startup and reboot of the infected machine. As part of its payload of lowering the security protection of the compromised system, W32.Hitapop terminates processes and services associated with antivirus applications. It may also affect the functionality of system processes that are linked to security and monitoring.

W32.Hitapop will also attempt to create an instance of itself using the Process Interchange Format, under a filename that may vary randomly. It places an information file on removable storage devices, apparently so that the malware's routine runs automatically once the drive is accessed by an unsuspecting user. W32.Hitapop has been designed to connect on its own to predetermined malicious websites, possibly to download more potentially dangerous code or to update its own code. A computer system infected by this malware normally experiences intermittent popup advertisement windows.
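
An added example, not part of the original entry: a defensive check for the removable-drive behaviour described above. It assumes the "information file" is an `autorun.inf` and that the worm's copies carry `.exe`, `.scr` or `.pif` extensions; the sample content and all function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# File types the page names as carriers of the worm's copy (assumed extensions).
CARRIER_EXTS = {".exe", ".scr", ".pif"}

# Constructed sample; not taken from a real W32.Hitapop infection.
SAMPLE = """\
; junk comment line
[AutoRun]
open=xq7k.pif
shell\\open\\command="tools\\setup.scr" /s
icon=folder.ico
[Content]
open=ignored.exe
"""


def launch_target(value):
    """Return the program part of a launch value, dropping any arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    # Unquoted paths containing spaces are cut at the first space.
    return value.split(None, 1)[0] if value else ""


def is_launch_key(key):
    """True for [autorun] keys that start a program when the drive is opened."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))


def audit_autorun(text):
    """Return (key, target) pairs in [autorun] that launch a carrier file type."""
    findings, in_autorun = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key, target = key.strip().lower(), launch_target(value)
            if is_launch_key(key) and PureWindowsPath(target).suffix.lower() in CARRIER_EXTS:
                findings.append((key, target))
    return findings


if __name__ == "__main__":
    for key, target in audit_autorun(SAMPLE):
        print(f"suspicious autorun entry: {key} -> {target}")
```

A drive whose `autorun.inf` only sets an icon or label produces no findings; any reported entry is a reason to inspect the named file before opening the drive.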