New Yahoo IM Worm Poses as 'Safety' Browser
By Matt Hines | Posted 2006-05-22
In an attempt to cash in on users' growing security fears, a new worm propagating itself over Yahoo's IM client disguises itself as a browser defense application.
Security researchers have identified a new worm spreading across Yahoo's instant messaging network that has been cloaked under the guise of a "safety" browser in an attempt to dupe users.
First discovered by anti-malware researchers at FaceTime Communications, the worm, labeled as yhoo32.explr, is forwarding itself throughout Yahoo's IM system via the contact lists of people whose computers it has already infected. Once loaded onto a PC, the malicious program automatically hijacks the computer's existing browser home page and encourages users to visit a fraudulent Web site that attempts to load spyware programs onto their devices.
FaceTime researchers said they have observed two versions of the attack, one of which is a stand-alone application with no uninstaller that frequently disguises itself with a faked version of Microsoft's Internet Explorer logo. The second, self-propagating iteration of the worm uses an .exe file to spread the infection through the Yahoo Messenger directories.
Yahoo representatives didn't immediately return calls seeking comment on the IM virus.
In addition to prompting users to visit the malware-loaded Web site, the virus also plays looped guitar music whenever someone starts up a PC it has infected, or opens the fraudulent safety browser itself. FaceTime researchers said that the attack is the first form of virus they have encountered that installs its own Web browser on a PC without the user's permission.
Read the full story on eWEEK.com: New Yahoo IM Worm Poses as 'Safety' Browser