Next time you log on to Yahoo! Messenger, be careful of opening any attachment. A new worm is targeting the application to hijack PCs and install malicious software on them. The malware dubbed Yh032.explr was discovered by experts at FaceTime Security Labs using a "honeypot" trap set up to monitor the activity of viruses, Trojans, and other malicious software.
SafeTime said the malware infects the PC with two elements. The first element is a web browser called “Safety Browser.” This stand-alone application has no uninstaller and disguises itself with an Internet Explorer logo in some instances. The application also hijacks the personal homepage in Internet Explorer and points users to Safety Browser's homepage (demoplanet.tv). The hijack also plays looped music that cannot be stopped when the user starts up the PC or Safety Browser.
The second element is the self-propagating worm. This worm installs an .exe file that spreads the infection through Yahoo Messenger to everyone on the Contacts List.
"This is one of the oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime. "This is the first instance of a complete Web browser hijack without the user's awareness. Rogue browsers seem to be the hot new thing among hackers."
