New Yahoo IM worm!!!

naveen_reloaded · 23-05-2006, 03:59 PM

Users of Yahoo Instant Messenger are under threat from a worm that hijacks their Internet Explorer homepage and leads them to a site that puts spyware on their PCs. Researchers at anti-malware firm FaceTime Security Labs, who identified the threat, say that the yhoo32.explr worm puts its own browser called Safety Browser on their PCs, the first recorded incidence of malware installing its own web browser on a PC without the user's permission.

According to FaceTime researchers, because Safety Browser uses the IE icon, users can easily mistake it for Internet Explorer.

A FaceTime alert says the self-propagating worm spreads the infection to Yahoo! Messenger contacts on the infected PC by sending a nefarious website link during a conversation. The link leads to a website that loads a command file onto the user’s PC and installs Safety Browser. This spam over instant messaging (IM) is called spim. IM applications and protocols are an increasingly popular vector to distribute malicious files and executables.

"This is one of oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime Security Labs. "This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser', have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."

The India research arm of FaceTime Security Labs discovered the threat in a 'honeypot', a trap they set to detect viruses, worms, spyware and other threats. Commentary on this threat by FaceTime Security Labs researcher Chris Boyd can be found on the Greynets Blog, at http://blog.spywareguide.com.

The malware infects the PC with two elements.

The first element is a web browser called "Safety Browser." This stand-alone application has no uninstaller and disguises itself with an Internet Explorer logo in some instances. The application also hijacks the personal homepage in Internet Explorer and points users to Safety Browser's homepage (demoplanet.tv). The hijack also plays looped music that cannot be stopped when the user starts up the PC or Safety Browser.

The second element is the self-propagating worm. The worm propagates by inserting a link into existing Messenger conversations on an infected PC. When an infected user initiates or joins a conversation, a link is inserted at random points in the conversation.

http://www.itwire.com.au/content/view/4390/53/

gary4gar · 24-05-2006, 11:35 PM

i think this should be in technology news

SunnyChahal · 25-12-2008, 10:58 PM

^^
Abey O yeh kya har jaga cool congrats laga rakha hai?
Go spam somewhere else. Spare this forum. Bl00dy spammers!

Cool Joe · 25-12-2008, 11:11 PM

Pidgin users won't be affected right? That's good.
This is yet another reason for users to switch to other browsers.

Kl@w-24 · 25-12-2008, 11:38 PM

Quote:

Originally Posted by beta testing

Pidgin users won't be affected right? That's good.
This is yet another reason for users to switch to other browsers.

That 'news' is two and a half yeas old. You can breathe easy.

Cool Joe · 25-12-2008, 11:50 PM

Ohhh yeahh....
I didn't see the date....
Hehe...

Charan · 26-12-2008, 01:40 AM

^^WTF

23-05-2006, 03:59 PM	#1 (permalink)
naveen_reloaded !! RecuZant By Birth !! Join Date: May 2005 Location: In Everyone`s Heart Posts: 2,985	New Yahoo IM worm!!! Users of Yahoo Instant Messenger are under threat from a worm that hijacks their Internet Explorer homepage and leads them to a site that puts spyware on their PCs. Researchers at anti-malware firm FaceTime Security Labs, who identified the threat, say that the yhoo32.explr worm puts its own browser called Safety Browser on their PCs, the first recorded incidence of malware installing its own web browser on a PC without the user's permission. According to FaceTime researchers, because Safety Browser uses the IE icon, users can easily mistake it for Internet Explorer. A FaceTime alert says the self-propagating worm spreads the infection to Yahoo! Messenger contacts on the infected PC by sending a nefarious website link during a conversation. The link leads to a website that loads a command file onto the user’s PC and installs Safety Browser. This spam over instant messaging (IM) is called spim. IM applications and protocols are an increasingly popular vector to distribute malicious files and executables. "This is one of oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime Security Labs. "This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser', have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers." The India research arm of FaceTime Security Labs discovered the threat in a 'honeypot', a trap they set to detect viruses, worms, spyware and other threats. Commentary on this threat by FaceTime Security Labs researcher Chris Boyd can be found on the Greynets Blog, at http://blog.spywareguide.com. The malware infects the PC with two elements. The first element is a web browser called "Safety Browser." This stand-alone application has no uninstaller and disguises itself with an Internet Explorer logo in some instances. The application also hijacks the personal homepage in Internet Explorer and points users to Safety Browser's homepage (demoplanet.tv). The hijack also plays looped music that cannot be stopped when the user starts up the PC or Safety Browser. The second element is the self-propagating worm. The worm propagates by inserting a link into existing Messenger conversations on an infected PC. When an infected user initiates or joins a conversation, a link is inserted at random points in the conversation. http://www.itwire.com.au/content/view/4390/53/ __________________ Know My Thoughts.. Visit my Blog @ www.Urssiva.com Visit My Tech Blog @ www.CloudTechnica.com

24-05-2006, 11:35 PM	#2 (permalink)
gary4gar GaurishSharma.com Join Date: May 2005 Location: Jaipur Posts: 4,097	Re: New Yahoo IM worm!!! i think this should be in technology news

25-12-2008, 10:58 PM	#3 (permalink)
SunnyChahal ... Join Date: Sep 2007 Posts: 3,736	Re: New Yahoo IM worm!!! ^^ Abey O yeh kya har jaga cool congrats laga rakha hai? Go spam somewhere else. Spare this forum. Bl00dy spammers!

25-12-2008, 11:11 PM	#4 (permalink)
Cool Joe The Black Waltz Join Date: Apr 2008 Location: The Shed Posts: 1,506	Re: New Yahoo IM worm!!! Pidgin users won't be affected right? That's good. This is yet another reason for users to switch to other browsers. __________________ #krow @ irc.freenode.net

25-12-2008, 11:50 PM	#6 (permalink)
Cool Joe The Black Waltz Join Date: Apr 2008 Location: The Shed Posts: 1,506	Re: New Yahoo IM worm!!! Ohhh yeahh.... I didn't see the date.... Hehe... __________________ #krow @ irc.freenode.net

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

26-12-2008, 01:40 AM	#7 (permalink)
Charan >:)I-):(\|)8-X Join Date: Sep 2004 Location: ಬೆಂಗಳೂರು (Bengaluru) Posts: 3,510	Re: New Yahoo IM worm!!! ^^WTF __________________ i5 2400 \| DH67BL \| G.Skill Ripjaw 4 GB \| FSP SAGA II 500W \| CM 430 Black Elite \| MSI R6850 Cyclone PE/OC \| XBox 360 Controller \| 21.5" Samsung Sync Master 2233 \| 4 Mbps UL

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode