Be alert when opening emails from Yahoo and when logging o to the Internet – antivirus companies issued warnings and software updates this week for a new worm, Wallon, that uses deceptive links to Yahoo.com to trick users into downloading malicious programs.
Wallon first appeared last Friday and spreads in e-mail messages. However, antivirus companies reported increased instances of the worm on Tuesday and said users could be tricked by its e-mail messages, which contain no virus attachments. Virus laced messages arrive with subject lines that read “RE” and a fake html link to the page http://drs.yahoo.com
If you click on that link, you can set off a chain of events that results in their Web browser being redirected to a non-Yahoo Web site controlled by the virus author and designed to trigger a long-patched Internet Explorer security hole known as the “object data vulnerability.” This allows the virus to download and run a file that replaces Microsoft Corp.’s Windows Media Player with a malicious program that downloads the Wallon worm’s main file and changes the Internet Explorer’s home page to a page maintained by the virus writer.
When the virus is activated and attempts to send HTML e-mails, each with a link to the virus file, to the addresses in the computer’s e-mail address book.