IM worm installs rogue browser
Safety last
Security researchers are warning of an instant messenger worm that installs a maliciously constructed browser onto compromised Windows PCs. The self-propagating worm, dubbed yhoo32-explr, installs a so-called “Safety Browser”. Users who install the software are directed to a site that loads spyware onto their PCs.
Yhoo32-explr spreads by sending links to a site that installs the Safety Browser to all an infected surfers’ Yahoo! Messenger contacts. Safety Browser uses the IE icon in a bid to dupe unsuspecting users.
Once installed, Safety Browser hijacks the personal homepage in Internet Explorer and directs it towards the Safety Browser homepage (actually a site loaded with spyware). It also plays looped music that can’t be stopped.
Full story: The Register