Results 1 to 6 of 6

Thread: Wallon Worm Uses Yahoo, Ms To Spread

  1. #1
    BawA's Avatar FST Pioneer BT Rep: +1
    Join Date
    Jun 2003
    Location
    Some Where but not here
    Age
    41
    Posts
    4,213
    Antivirus software companies issued warnings and software updates on Tuesday and Wednesday for a new worm, Wallon, that uses deceptive Web links to Yahoo.com to trick users into downloading malicious programs.

    Wallon first appeared last Friday and spreads in e-mail messages. However, antivirus companies reported increased instances of the worm on Tuesday and said users could be tricked by its e-mail messages, which do not contain virus-infected file attachments.

    Symantec Corp. and Network Associates Inc.'s (NAI's) McAfee Antivirus Emergency Response Team said Wallon was a low-level threat. However, other companies, including Sophos PLC and F-Secure Corp., said they received numerous reports of the worm.

    Like other mass-mailing worms, Wallon has its own SMTP (Simple Mail Transfer Protocol) engine and grabs e-mail addresses from files stored on compromised computers. Wallon-generated messages arrive with subject lines that read "RE" and an HTML (Hypertext Markup Language) link to the Web page http://drs.yahoo.com, according to antivirus companies.

    Users who click that link set off a chain of events that results in their Web browser being redirected to a non-Yahoo Web site controlled by the virus author and designed to trigger a long-patched Internet Explorer security hole known as the "object data vulnerability." Triggering that flaw on unpatched Windows systems, however, allows the virus to download and run a file that replaces Microsoft Corp.'s Windows Media Player with a malicious program that downloads the Wallon worm's main file and changes the Internet Explorer's home page to a page maintained by the virus writer, F-Secure of Helsinki said.

    In addition to stealing e-mail addresses for the purpose of spreading itself, Wallon forwards the addresses it finds on compromised systems to another e-mail address, which could be harvesting them for spammers, NAI said. After infection, Wallon also hijacks the victim's Web browser and directs it to a pornographic Web site, pixpox.com, NAI said.

    Antivirus companies issued updated Wallon virus definitions for their products on Tuesday and Wednesday, in addition to posting tools to remove the Wallon worm.


    "You can be mad as a mad dog at the way things went; you can swear and curse the fates, but when it comes to the end, you have to let go"
    Benjamen button

  2. Internet, Programming and Graphics   -   #2
    yer reference link goes no where mate

    here is the symantec link for info

    http://securityresponse.symantec.com/[email protected]

  3. Internet, Programming and Graphics   -   #3
    blank BT Rep: +1
    Join Date
    Oct 2003
    Posts
    1,045
    u clicked on the link???

    god how dumb are u!
    Shut that cunt’s mouth or I’ll come over there and fuckstart her head.

  4. Internet, Programming and Graphics   -   #4
    Originally posted by hungrylilboy@14 May 2004 - 11:56
    u clicked on the link???

    god how dumb are u!
    What bad link?

  5. Internet, Programming and Graphics   -   #5
    SeK612's Avatar Poster BT Rep: +10BT Rep +10
    Join Date
    Nov 2002
    Location
    UK
    Posts
    718
    Originally posted by Ariel_001+14 May 2004 - 15:37--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Ariel_001 &#064; 14 May 2004 - 15:37)</td></tr><tr><td id='QUOTE'><!--QuoteBegin-hungrylilboy@14 May 2004 - 11:56
    u clicked on the link???&nbsp;

    god how dumb are u&#33;
    What bad link?[/b][/quote]
    http://drs.yahoo.com?

  6. Internet, Programming and Graphics   -   #6
    Code:
    &#60;html&#62;&#60;head&#62;&#60;meta http-equiv=refresh content=&#34;1;url=http&#58;//www.yahoo.com&#34;&#62;&#60;title&#62;Yahoo&#33;&#60;/title&#62;&#60;/head&#62;&#60;body&#62;&#60;center&#62;&#60;big&#62;&#60;a href=&#34;http&#58;//www.yahoo.com&#34;&#62;Yahoo&#33;&#60;/a&#62;&#60;/big&#62;&#60;/center&#62;&#60;/body&#62;&#60;/html&#62;
    Nothing bad there.

    That bad (fake yahoo pages) are

    http://www.google.com.super-fast-search.apsua.com

    http://www.google.com.super-fast-search.ap...m/fast-find.htm

    http://www.google.com.super-fast-sea...com/search.htm

    and there all the same.

    The really bad link you want to avoid is *http://pixpox.com. Do not go there (unless you know what your are doing)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •