MessageLabs warns: new email-harvesting worm uses hyperlink to slip through anti-virus defences
14 May 2004
CITEC partner MessageLabs, the leading provider of managed email security services to business, has identified a new mass-mailing worm – W32/Wallon.worm.a – that tries to harvest email addresses, presumably for sending spam.
According to MessageLabs, the worm has the potential to spread rapidly because the method of infection is hyperlink-based.
The company’s Asia Pacific Technical Director, David Banes, warns: “Most email filtering systems are geared towards stripping out file extensions such as .exe or .zip rather than blocking links, and while users are trained not to open attachments, they are not cautioned against clicking on links. So W32/Wallon.worm.a has the potential to spread like a global bushfire.”
Banes adds: "Organisations that omit either an anti-spam or anti-virus element from their malware defences are at risk.
"The latest worm highlights an urgent need for defence in depth, which incorporates stopping all malware at the Internet level."
W32/Wallon.worm.a is propagated through spam emails that contain a hyperlink in the message body. The hyperlink is designed to trick users into thinking they are going to a Yahoo News site, when in fact they are redirected to a page on the www.security-warning.biz domain.
When users click on the hyperlink they are directed via several different sites to a site that contains the virus, resulting in infection.
The remote site is believed to contain code that exploits an Internet Explorer vulnerability to install the virus.
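A link check of the kind a mail filter could run on message bodies, as an added example that is not MessageLabs' code. The announcement does not say how the deceptive link was built, so the two patterns tested here (visible text naming a different host than the href, and an href carrying a second absolute URL) are assumptions, and all function names and example.com/example.net hosts are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample body; the example.com/example.net hosts are placeholders.
SAMPLE = """<p><a href="http://landing.example.net/a">http://news.example.com/story</a></p>
<p><a href="http://news.example.com/r?to=http%3A%2F%2Flanding.example.net%2Fa">Read more</a></p>
<p><a href="http://news.example.com/story">news.example.com</a></p>"""

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL: treat as having no host
        return ""

def same_site(a, b):
    return a == b or a.endswith("." + b) or b.endswith("." + a)  # crude subdomain test

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):  # -> [(href, visible text, reasons)] for suspect links
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        dest, reasons = host_of(href), []
        shown = HOST_RE.search(text)  # host name the reader sees, if any
        if shown and dest and not same_site(shown.group(1).lower(), dest):
            reasons.append("text-host-mismatch")
        inner = [host_of(u) for u in URL_RE.findall(unquote(href.partition("://")[2]))]
        reasons += ["embedded-url:" + h for h in inner if dest and h and not same_site(h, dest)]
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

Running `audit_links(SAMPLE)` flags the first two links and leaves the third, whose text and destination agree, alone.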
More about MessageLabs
MessageLabs is the leading provider of managed email security services to businesses worldwide. The company has more than 50 per cent market share of the managed email security services market. MessageLabs currently protects more than 8,000 businesses worldwide, shielding more than 2 million business end users from email security threats such as viruses, spam and other unwanted content before they reach their networks and without requiring additional hardware or software.
Powered by a global network of 75 control towers with 1500 servers that spans Australia, the United States, the United Kingdom, Hong Kong, Singapore, Germany, Belgium and the Netherlands, MessageLabs scans up to 40 million emails a day on behalf of customers such as QBE Insurance, Daiwa, Voyages Hotels and Resorts, Mandarin Oriental Hotels, Sanitarium, SunWater, The British Government, Fujitsu, The Bank of New York, Conde Nast Publications, StorageTek, EMI Music and Diageo.
For more information on MessageLabs and its industry-leading email security and management services, please visit http://www.messagelabs.com



