Spotlightingnews

Yahoo IM Worm Changes IE Homepage

Yahoo Instant Messenger, is haunted by a worm that changes the users Internet Explorer homepage, taking them to a spyware-installing site demoplanet.tv, Facetime Security Labs say.

Spyware-fighter FaceTime Security Labs company, stated that the yhoo32.explr worm installs, without permission, a browser named Safety Browser, which can be easily be taken as the official Microsoft Internet Explorer, as it copies its logo. One of the striking differences is that when Safety Browser is installed, it plays some tunes during startup.

IM networks are an increasingly common channel for the spread of malware such as viruses, worms and spyware. IM and spyware applications are both representative of what FaceTime has termed greynets - network-enabled applications that operate outside the control of the corporate IT department. This highlights the dilemma facing both IT staff and security vendors - how to manage the greynet 'spectrum' to enable business productivity from good greynet applications such as IM while preventing bad applications such as spyware.

The second part of this malware is the worm itself, which sends self-propagating links during Yahoo Instant Messenger chats.

Tyler Wells, senior director of research at FaceTime Security Labs:

"This is one of oddest and more insidious pieces of malware we have encountered in years. This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser', have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."

FaceTime Communications is a leading provider of security solutions enabling businesses to secure and control greynet applications such as instant messaging, adware/spyware, webmail, P2P file sharing, web conferencing and instant voice.

While some greynets, especially IM, have legitimate business uses, others such as P2P file sharing, Skype and spyware can pose serious consequences to the organization. The ability to implement powerful controls to enable the productive use of greynets, while defending and preventing their malicious use, is a requirement for today's enterprises.