Wallon Worm Skirts Around Windows Patch Release | eWeek

Wallon Worm Skirts Around Windows Patch Release

May 12, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The latest exploit of Windows and Internet Explorer found its way into e-mail boxes in Europe on Wednesday with the arrival of the Wallon.A worm. According to security services, the new worm is considered a midrange threat and is continuing to spread in the wild.

Wallon.A, reported by several security services such as F-Secure Corp. and Network Associates Inc.s McAfee business unit, takes advantage of a known vulnerability in Windows.

In fact, its rather convoluted action was covered under the security advisory MS04-013, released in April.

Wallons infection process is complicated. Unlike the ordinary e-mail worm that arrives in an attachment to a message, Wallon appears as a link in a message to a Yahoo page. But with redirection, the Yahoo connection leads to another page that delivers an encrypted link to yet another page that delivers a special downloader application.

Microsoft provided a security patch for this vulnerability in April and suggested its application for all currently supported Windows versions. The company describes the update as “critical” and recommends it for all Windows variants, starting with Windows 98, even for systems where Outlook Express is not the default e-mail reader.

The downloader app is activated by a call to the Windows Media Player, so when the user enters a media-rich site or views some streaming content, the actual worm is finally downloaded. It then proceeds to perform a series of actions to propagate itself, the services report.

/zimages/3/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Microsofts latest patch release addresses a similarly convoluted social engineering mechanism with advisory MS04-015, titled “Vulnerability in Help and Support Center Could Allow Remote Code Execution.” In this case, users are directed to a malicious Web page where they click on a link and follow directions. The actual attack occurs only after they perform the actions.

Editors Note: This story was updated to correct the related bulletin information.

/zimages/3/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/3/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.