A new virus that spreads by tricking computer users into clicking a link that pretends to direct the victim to a Yahoo.com news site remained a low threat on Friday, security experts said.
The virus "Wallon," first discovered in Europe early in the week, exploits a vulnerability in Microsoft Internet Explorer. Once executed, the malicious code gathers email addresses from the infected computer, using them to send the link to other potential victims.
The addresses are also apparently sent back to the virus writer, indicating the person could be a spammer or someone working for a spammer, Craig Schmugar, researcher for anti-virus company Network Associates, said.
Network Associates and security company Symantec have rated the virus a low threat, and recommend downloading patches from Microsoft's Windows update site.
Clicking on the fake link contained within the body of an email will send the computer user to any one of several sites, where the virus is automatically uploaded. Such distribution methods are common, but have not met with as much success as viruses sent in an email attachment.
"Viruses that have become prevalent in 2004 have the virus attached," Schmugar said."(The use of links) is a slow growing trend, but not as popular as email attachments."
The advantage of the link method is the ability to circumvent corporate security policies that block attachments containing executable files.
Wallon, so far, has infected about one-fiftieth of the computers damaged by Netsky, Bagle, MyDoom and other recent major outbreaks, Schmugar said.
Wallon is considerably less dangerous than Sasser, a recently discovered worm that can enter a victim's computer directly from the Internet. A patch is available to block Sasser, which attacks Windows 2000 and XP computers.
Machines infected with Wallon will periodically contact web sites controlled by the author, Schmugar said. "So the person in control of the web site can spread other viruses."
You can view the original article here... http://www.techweb.com/wire/story/TWB20040514S0008