Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Yahoo IM Worm Hijacks Browsers, Plays Migraine Music

A worm running through Yahoo's instant messaging network is installing a browser of its own -- a first for IM malware -- that leads users to adware and spyware sites, several security firms said Monday.

The worm, dubbed "Yhoo32.explr" by IM security vendor FaceTime Communications on Friday and "Browaf" by Symantec on Monday, is installed when Yahoo users click on a malicious link embedded within an instant message.

Yhoo32.explr downloads and installed the so-called "Safety Browser," which adds an IE-like icon to the desktop, and when used, takes the unsuspecting to sites where their PCs are infected with adware and spyware. The worm also changes the home page of IE to point to Safety Browser's site.

To complicate things, Safety Browser doesn't post an Uninstall option in Windows' Add or Remove Programs Control Panel applet.

"This is one of oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime, in a statement.

  • 1