by Playfuls Staff |
22nd May 2006
IT experts working at FaceTime Security Labs have recently identified a new self-propagating worm named yhoo32.explr which affects Yahoo! Messenger, installing 'Safety Browser' and hijacking the Internet Explorer homepage, thus leading users to a site that puts spyware on their PCs. [more]
Because 'Safety Browser' uses the IE icon, users can easily mistake it for Internet Explorer. This is the first recorded incidence of malware installing its own web browser on a PC without the user's permission.
The self-propagating worm spreads the infection to all contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC and installs Safety Browser. This spam over instant messaging (IM) is called spim. IM applications and protocols are an increasingly popular vector to distribute malicious files and executables.
The India research arm of FaceTime Security Labs discovered the threat in a "honeypot", a trap they set to detect viruses, worms, spyware and other threats.
More details on this threat are available on the
Greynets Blog.
