New Yahoo! IM Worm Emerges

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

New Yahoo! IM Worm Emerges
Techtree News Staff Email Print
May 23, 2006

This time it's the Yahoo! Instant Messenger (IM) users who are under
threat from a new worm that installs a rogue Web browser called "Safety
Browser," and hijacks the user's Internet Explorer homepage.

Researchers from FaceTime Security Labs, a seller of instant messaging
security products, who first identified the threat, have dubbed this
first-of-its-kind worm as "yhoo32.explr" that was found on the Yahoo!
IM network about two weeks ago.

According to the researchers, this is the first recorded incidence of
malware installing its own Web browser on a PC, without the user's
permission. The worm drops the "Safety Browser" on the user's PC. The
Safety Browser uses the same icon as Microsoft's IE Web browser, and
when opened, takes users to a special home page called Demoplanet that
installs spyware on the PC. The icon randomly changes to the Internet
Explorer icon, and also urges the user to click on a series of
advertisements to further fool users, which in turn installs more
spyware and adware on their PCs.

Tyler Wells, senior director - research, FaceTime Security Labs, said
the new threat arrives as a link in a message box on the user's PC.
After someone clicks the link, at least one warning will be displayed
to tell the user that software is about to be downloaded or installed
and that this may be malicious.

FaceTime has issued an alert saying that the self-propagating new worm
spreads the infection to Yahoo! Messenger contacts on the infected PC,
by sending a nefarious Website link during a conversation. The link
leads to a Website that loads a command file onto the user s PC, and
installs Safety Browser. This spam over IM is called "spim". IM
applications and protocols are increasingly popular vector to
distribute malicious files and executables.

The threat was discovered by FaceTime Security Labs in a "honeypot," a
term used to describe a trap to detect viruses, worms, spyware, and
other threats.

Site Timeline