Traditionally, mass-mailing viruses such as Netsky and Bagle are spread as attachments. When an unsuspecting user opens the infected attachment, it executes a piece of code that usually attempts to steal the user's address book and often opens a back door to give hackers easy access to the system's resources.
 | ||||
|
| | ||
|
Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. |
| ||
|
|
||||
|
|
||||
Maikel Albrecht, a product manager at Finnish security company F-Secure, said that because of recent virus outbreaks, users are less willing to open e-mail attachments, which is why Wallon's author is counting on users clicking on an e-mail link instead.
"The link in the e-mail points to the actual virus, so if you click the link, you download the virus," Albrecht said.
However, once the PC is infected, Wallon remains dormant until the user tries to run a media file such as an MP3 or a video. If the system uses Windows Media Player by default, the virus is activated and attempts to send HTML e-mails, each with a link to the virus file, to the addresses in the computer's e-mail address book.
"If you try and play media content, the worm will activate and start spreading, but the user will not see the media player," Albrecht said.
Wallon requires intervention by the user before it can replicate, so Albrecht expects it will not spread very quickly. But unlike common viruses, Wallon is destructive because it replaces the wmplayer.exe file, which means that users infected by the worm will need to reinstall Media Player.
Stuart Okin, the chief security officer at Microsoft UK, said anyone worried about Wallon should install Microsoft's MS04-13 patch, which was released in mid-April and solves the problem.
Okin said that if a PC has been infected and Media Player can no longer be run, the user should first ensure the system is no longer infected by the virus and then reinstall Media Player either from the original Windows CD or by downloading it from the Microsoft Web site.
Additionally, Okin said users should remain cautious about opening e-mail attachments and they should avoid clicking on links in e-mail messages whenever they can.
"When you receive a link to a Web site that you normally visit, don't click on the link, use your 'Favorites' or type in the address in manually," he said.
Munir Kotadia of ZDNet UK reported from London.
