A self-propagating worm that installs a fake internet browser on users PCs has hit the Yahoo! Messenger instant messaging network, security experts have warned.
Researchers from FaceTime Security Labs said the worm, named yhoo32.explr, uses the rogue browser to lure users to a site that puts spyware on their PCs.
The worm spreads the infection to Yahoo! Messenger contacts on infected PCs by sending a malicious website link during a conversation.
The link leads to a site that loads a command file onto the user’s PC and installs “Safety Browser” – the fake browser. FaceTime warned that because Safety Browser uses the Internet Explorer icon, users can easily mistake it for their usual browser.
The worm hijacks the user’s Internet Explorer personal homepage and points users to Safety Browser's homepage - demoplanet.tv – which installs spyware on their machines. The hijack is accompanied by looped music that cannot be switched off when the user starts up the PC or Safety Browser.
Malicious worm attacks through corporate instant messaging systems have been increasing rapidly. Research released in February by instant messaging management firm Postini found more than 2,400 new unique threats via instant messaging in 2005 and the number was expected to double by next year.