Virus warning: Wallon destroys Media Player

Succeeds where the EU couldn't...

A new mass-mailing virus called Wallon, which destroys Windows Media Player and is activated when a user tries to play MP3 or video files from an infected PC, has been discovered in Europe.

Traditionally, mass-mailing viruses such as Netsky and Bagle are spread as attachments. When an unsuspecting user opens the infected attachment, it executes a piece of code that usually attempts to steal the user's address book and often opens a back door to give hackers easy access to the system's resources.

Maikel Albrecht, product manager at Finnish security company F-Secure, said that because of recent virus outbreaks, users are less willing to open email attachments, which is why Wallon's author is counting on users clicking on an email link instead.

"The link in the email points to the actual virus, so if you click the link you download the virus," said Albrecht.

However, once the PC is infected, Wallon remains dormant until the user tries to run a media file such as an MP3 or a video. If by default the system uses Windows Media Player, the virus is activated and attempts to send HTML emails, each with a link to the virus file, to any email addresses in the computer's address book.

"If you try and play media content, the worm will activate and start spreading but the user will not see the media player," said Albrecht.

Wallon requires intervention by the user before it can replicate, so Albrecht expects it will not spread very quickly. But unlike common viruses, Wallon is destructive because it replaces the wmplayer.exe file, which means that users infected by the worm will need to reinstall Media Player.

Stuart Okin, chief security officer at Microsoft UK, said anyone worried about Wallon should install Microsoft's MS04-13 patch, which was released in mid-April and solves the problem.

Okin said that if a user has been infected and can no longer use their Media Player, he or she should first ensure the system is no longer infected by the virus and then reinstall Media Player, either from his or her original Windows CD or from the Microsoft Web site.

Munir Kotadia writes for ZDNet UK

Comments

There are 2 comments.

  1. Craig

    This must be an example of the first virus worth having!

    • 13 May 2004 09:52
  2. Peter Scargill

    It seems to me that one of the biggest problems with virus attacks is that we all treat this as a necessary evil. Not only should we report each and every virus attack to the police, no matter how annoying that may be for them, so that the attack is noted as a crime, but perhaps somebody should be encouraging organisations to take legal action and other measures against convicted virus manufacturers - granted that would probably not net much in the way of direct return, but surely hounding the people for the rest of their lives in whatever ways are legally possible might act as some kind of a deterrent. If for example 100,000 companies donated £10 a year for rewards for the capture of virus writers (ie a fund of 1 million pounds) that might encourage some of their pals to shop them? Beats sitting doing nothing about it?

    • 13 May 2004 10:29