There is a new worm making the rounds, targeting the popular Yahoo Messenger application with the purpose of hijacking PCs and installing malicious software on them.
Experts at FaceTime Security Labs discovered the worm two weeks ago using a "honeypot" trap set up to monitor the activity of viruses, Trojans, and other malicious software.
The worm, dubbed Yh032.explr, marks the first time that researchers have encountered malicious software that installs its own Web browser on a PC without the user's permission.
"This is one of [the] oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime. "This is the first instance of a complete Web browser hijack without the user's awareness. Rogue browsers seem to be the hot new thing among hackers."
Taking the Bait
Security experts have said that the worm is particularly dangerous because the browser it installs uses the same icon as authentic versions of Internet Explorer. When users click on the faux icon, they are taken to a site that installs spyware on their computers. The phony browser has no uninstaller.
In addition to hijacking Internet Explorer's home-page setting, the worm plays a music loop that cannot be stopped when infected computers are rebooted.
That it looks like Internet Explorer definitely makes it more dangerous, said Rob Ayoub, an analyst at Frost & Sullivan. "If users are not technically savvy, there is a good chance that they will not recognize very quickly that it is not Internet Explorer."
Once installed, the worm accesses the Yahoo Messenger contact list on the infected PC and sends itself to every address on the list.
Caution: Malware Ahead
Natalie Lambert, an analyst at Forrester Research, said that the worm underscores the fact that malicious software is no longer distributed primarily through e-mail.
"People have to treat instant messaging as they have been taught to treat e-mail — with suspicion — and not open suspicious attachments," she said. "We have to start applying what we have learned with e-mail to these other applications."
Lambert said that, while the worm currently only threatens users of Yahoo Messenger, computer users should expect to see similar worms targeting other instant-messaging software.
"We have all been taught not to open suspicious attachments in e-mail," she said. "Even if the [links or attachments] come from someone we know, pick up the phone and say, 'I wasn't expecting this attachment. Did you mean to send it to me?'"
Source From Al & Mike News http://alandmike.wordpress.com
May 24, 2006 at 3:59 pm
Thanks. Something new everyday. Hopefully I can avoid this catastrophy waiting to happen.