W32/Wallon-A

Aliases	W32/Wallon.worm
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Protection available since	11 May 2004 23:13:36 (GMT)
Last updated	12 May 2004 19:12:56 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/Wallon-A is an email worm. The worm sends mail containing a deceptive
link. The link appears to direct the user to drs.yahoo.com/<user's domain>/NEWS but in fact points to a location on another website. The user is redirected to a website which exploits the MTHML URL processing vulnerability to run a malicious script on the local computer. The script in turn downloads and runs several pieces of malicious software, including W32/Wallon-A.

The Trojans used and installed during the infection process are:
Troj/Psyme-V, Troj/StartPa-HF, Troj/Dloader-JK and Dial/Top69-A.

The Microsoft vulnerability was first reported on 13 April, and Microsoft have issued protection, which can be downloaded from Microsoft Security Bulletin MS04-013.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Wallon-A

Summary

Action

More Information