Yahoo! Messenger worm installs rogue browser

By Derek Sooman on May 23, 2006, 6:35 AM
Warnings are being issued by security experts about the dangers of a new instant messenger worm that installs a rogue browser on compromised Windows PCs, and then installs spyware. yhoo32-explr spreads itself by sending links to a site that installs the Safety Browser to all an infected surfers' Yahoo! Messenger contacts. FaceTime Security Labs, who first discovered the worm, claim that this is the first time that a complete web browser hijack without the user's awareness has been used by an IM worm.

Two elements of the attack have been noted - one with a stand-alone application that commonly disguises itself with a faked version of Microsoft's Internet Explorer logo, and another (a self-propagating iteration of the worm) that utilises an .exe file. The latter spreads through the Yahoo Messenger directories.

The technique of spam over instant messaging is referred to as "spim", and is a growing problem as IM applications and protocols are an increasingly popular vector for malware.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.