Fake safety browser worm strikes

News

Fake safety browser worm strikes

Tash Shifrin

A self-propagating worm that installs a fake internet browser on users PCs has hit the Yahoo! Messenger instant messaging network, security experts have warned.

Researchers from FaceTime Security Labs said the worm, named yhoo32.explr, uses the rogue browser to lure users to a site that puts spyware on their PCs.

The worm spreads the infection to Yahoo! Messenger contacts on infected PCs by sending a malicious website link during a conversation.

The link leads to a site that loads a command file onto the user’s PC and installs “Safety Browser” – the fake browser. FaceTime warned that because Safety Browser uses the Internet Explorer icon, users can easily mistake it for their usual browser.

The worm hijacks the user’s Internet Explorer personal homepage and points users to Safety Browser's homepage - demoplanet.tv – which installs spyware on their machines. The hijack is accompanied by looped music that cannot be switched off when the user starts up the PC or Safety Browser.

Malicious worm attacks through corporate instant messaging systems have been increasing rapidly. Research released in February by instant messaging management firm Postini found more than 2,400 new unique threats via instant messaging in 2005 and the number was expected to double by next year.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy