kronas
14-05-2004, 18:12
W32/Wallon-A is an email worm. The worm sends mail containing a deceptive link. The link appears to direct the user to drs.yahoo.com/<user's domain>/NEWS but in fact points to a location on another website.
The website that the user is directed to utilises Trojan downloaders and exploits to download and run a copy of W32/Wallon-A.
The Trojans used and installed during the infection process are:
Troj/Psyme-V, Troj/StartPa-HF, Troj/Dloader-JK and Dial/Top69-A.
Sophos:
http://www.sophos.com/virusinfo/analyses/w32wallona.html
Symantec: in-depth removal and exploitation information of Microsoft patches:
MS04-004 and MS04-013
http://securityresponse.symantec.com/avcenter/venc/data/w32.wallon.a@mm.html
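The deceptive link described in the post can be caught at a mail gateway by comparing the host shown in a link's visible text with the host in its `href`. The following is an added example, not part of the original post or of either vendor's analysis; the function names, the sample body and the `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(value):
    """Return the lower-cased host of a URL-like string, or None."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return None                      # ordinary words, not a URL
    if "://" not in value:
        value = "http://" + value        # visible text often omits the scheme
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None

class LinkAuditor(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def deceptive_links(html_body):
    """Return links whose visible text names a different host than the href."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return [(text, href) for text, href in auditor.links
            if _host(text) and _host(href) and _host(text) != _host(href)]

# Constructed sample body; mail.example stands in for the user's domain and
# downloads.example for the unrelated site the link really points to.
SAMPLE = ('<p>See <a href="http://downloads.example/x">'
          'drs.yahoo.com/mail.example/NEWS</a> and '
          '<a href="http://intranet.example/help">help page</a></p>')
```

Only links whose visible text parses as a host are compared, so plain-word anchors such as "help page" are not flagged.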