Home News New Worm Threatens Users of Ya ...

News by WebKnowHow

New Worm Threatens Users of Yahoo! Messenger


Tuesday, May 23, 2006; 05:40 AM

Research experts at FaceTime Security Labs identified and reported a new threat today affecting Yahoo! Messenger. FaceTime researchers confirmed that a self-propagating worm, named yhoo32.explr, installs 'Safety Browser' and hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs.

Because Safety Browser uses the IE icon, users can easily mistake it for Internet Explorer. This is the first recorded incidence of malware installing its own web browser on a PC without the user's permission. The self-propagating worm spreads the infection to Yahoo! Messenger contacts on the infected PC by sending a nefarious website link during a conversation. The link leads to a website that loads a command file onto the user’s PC and installs Safety Browser.

This spam over instant messaging (IM) is called spim. IM applications and protocols are an increasingly popular vector to distribute malicious files and executables.

"This is one of oddest and more insidious pieces of malware we have encountered in years," commented Tyler Wells, Senior Director of Research at FaceTime Security Labs. "This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser', have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."

The India research arm of FaceTime Security Labs discovered the threat in a 'honeypot', a trap they set to detect viruses, worms, spyware and other threats. Commentary on this threat by FaceTime Security Labs researcher Chris Boyd can be found on the Greynets Blog, at http://blog.spywareguide.com.



Related Resources

Other Resources