The First Yahoo! Messenger Worm That Installs Its Own Browser

A security company from the US recently discovered a new threat that targets PCs having Yahoo! Messenger installed on them.


FaceTime Security Labs experts are warning users about a worm called yhoo32.explr, which installs 'Safety Browser' and hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs.

The security company says that this is the first time when a malicious code installs its own web browser on a PC without the user's permission, and that users can be easily fooled because Safety Browser uses the IE icon.

"This is one of oddest and more insidious pieces of malware we have encountered in years," commented Tyler Wells, Senior Director of Research at FaceTime Security Labs.

"This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser', have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers," he added.

Aside from the damages mentioned above, the worm also infects all the contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC.