Posted on 05/21/2006 6:32:25 PM PDT by gondramB
Researchers have identified an "insidious" threat affecting Yahoo Messenger. A self-propagating worm, named yhoo32.explr, installs a piece of software called 'Safety Browser' and then hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs.
Because Safety Browser uses the IE icon to identify itself, users can easily mistake it for the legitimate Internet Explorer. This is the first recorded incidence of malware installing its own web browser on a PC without the user's permission, according to security firm FaceTime.
The self-propagating worm spreads the infection to all contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC and installs Safety Browser.
"This is one of oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime Security Labs.
"This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser,' have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."
A new type and level of threat - IMs are used more and more by non-techies.
So what do you do if you use Yahoo Messenger? Never let it boot again? Is there some remedy?
>>So what do you do if you use Yahoo Messenger? Never let it boot again? Is there some remedy?<<
I'm looking into that - this is a discussion on the topic on slashdot - if nothing else there will surely be a fix from Yahoo.
http://it.slashdot.org/it/06/05/21/132211.shtml
If this sort of thing were classified as a capital offense that upon conviction, carried a mandatory death sentence without any optional sentencing possible by the judge, you would see a dramatic decrease in hacking and other sorts of computer tampering.
Save
Come on. We don't have the b@lls to put down the gang-bangers, drug-peddlers, rapists and child molesters...
So if you don't use Yahoo Messenger you are OK?
>>So if you don't use Yahoo Messenger you are OK?<<
Yes. As I understand it this is a threat only to Yahoo messenger users.
Thanks.
BTTT for future reading....
Agreed.
Can't they just shut down that website?
I hate to say it but anyone using IMs are asking for trouble
Really feel sorry for you suckers using Windose... never learn anything?
Guess u get what u pay for... hehe
Its the price for sucking all the foul vapor that comes out of Mafiasoft rear end.
>>Can't they just shut down that website?<<
The spyware browser, "Safety Browser" is not in itself ilegal if it is installed with consent.
It may need to be shown that the web site is connected with the worm by a money trail etc. Even then, the worm apparently asks the user to download it...
Ping
Very simple answer. Use one computer for Yahoo Messenger and all the other stuff for fun but that you could really care less about. Then, if you get the virus, swamp in a new hard drive and start over.
Never under any circumstances use YM on a computer with sensitive information. For that matter, do not browse the net with the same computer. Have two computeres. They are cheap enough these days.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.