 |
| Source: Infoworld |
Security experts have recently discovered a highly devious new worm that spreads via Yahoo Messenger and hijacks the homepage of Internet Explorer, luring users to a malicious website.
The worm, named yhoo32.explr, is capable of self-replication. Once clicked by the user, it stealthily installs a software called “Safety Browser” on the machine, subsequently hijacking the homepage of Internet Explorer and redirecting users to another site.
Here, a spyware program is waiting to infiltrate the computer as soon as the user accesses it. Since Safety Browser uses the Internet Explorer icon for disguise, users may easily mistake it for a legitimate version of Internet Explorer.
This is the first recorded instance of a type of malware that can install its own web browser on a computer without user consent, according to security firm FaceTime.
The yhoo32.explr worm will self-propagate to all contacts in Yahoo! Messenger, accompanied by a “malicious” link. If unsuspecting users click on it, a command file will be downloaded to the computer, and the installation of Safety Browser is unavoidable.
“This is the most malicious and cunning worm we have encountered in many years“, said Tyler Well, senior research director at FaceTime.
“This is the first case where a web browser has been completely hijacked without the user being aware. Using a ‘rogue’ browser to lure users to harmful and illegal content poses a significant risk.
This may be the hottest new trend among hackers in the near future“, Well predicted.
Thien Y
