Wallon Computer Virus

A new mass mailing worm, Wallon, attempts to destroy Windows Media player when an .mp3 file or video files is played on an infected PC.  Instead of arriving as an attachment such as the more recent worms which have made users more wary of opening email attachments, the author of the Wallon worm is counting on the user clicking on a link instead which points to the virus.

When executed, the virus grabs the user's address book and also tries to install a trojan onto the system thus giving hackers a back door in.  This particular worm is not expected to spread as rapidly as others as it lays dormant and requires a user to play a media file for it to spread.

Microsoft released Security Bulletin MS04-13 patch in mid-April which will fix the problem and recommend any customers who haven't already done so to apply the fix immediately.

Wallon in the News:

WALLON Virus Spreads by Faking Yahoo and Microsoft - said users could be tricked by its e-mail messages, which contain no virus attachments. Virus laced messages arrive with subject lines that read “RE” and a fake html link to the page yahoo.com.  If you click on that link, you can set off a chain of events that results in their Web browser being redirected to a non-Yahoo Web site controlled by the virus author and designed to trigger a long-patched Internet Explorer security hole known as the “object data vulnerability.” This allows the virus to download and run a file that replaces Microsoft Corp.’s Windows Media Player with a malicious program that downloads the Wallon worm’s main file and changes the Internet Explorer’s home page to a page maintained by the virus writer - May 2004, USA.