Security experts are warning about a new instant messenger worm that installs a rogue browser on compromised Windows PCs and then installs spyware. yhoo32-explr spreads by sending all of an infected surfer's Yahoo! Messenger contacts links to a site that installs the Safety Browser. FaceTime Security Labs, who first discovered the worm, claim that this is the first time an IM worm has carried out a complete web browser hijack without the user's awareness.
Two elements of the attack have been noted: a stand-alone application that commonly disguises itself with a faked version of Microsoft's Internet Explorer logo, and a self-propagating iteration of the worm that utilises an .exe file. The latter spreads through the Yahoo! Messenger directories.
The technique of spam over instant messaging is referred to as "spim", and is a growing problem as IM applications and protocols are an increasingly popular vector for malware.