Posted on 05/21/2006 6:32:25 PM PDT by gondramB
Researchers have identified an "insidious" threat affecting Yahoo Messenger. A self-propagating worm, named yhoo32.explr, installs a piece of software called 'Safety Browser' and then hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs.
Because Safety Browser uses the IE icon to identify itself, users can easily mistake it for the legitimate Internet Explorer. This is the first recorded incidence of malware installing its own web browser on a PC without the user's permission, according to security firm FaceTime.
The self-propagating worm spreads the infection to all contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC and installs Safety Browser.
"This is one of the oddest and more insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime Security Labs.
"This is the first instance of a complete web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser,' have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."
</SARCASM>
No, the website is part of a group that promotes illegal immigration into the U.S. and Congress must debate how to handle the situation. They are thinking about putting up a firewall and then instituting fines against anyone that goes to the website.
Although some in the Senate are opposed to the firewall idea.
I spend most of my time on the internet using win 98. Works ok and not many attacks.
I recently got a worm on my 530n HP which is a 2.8mhz and runs winxp home edition. It was disabling and rendering the virus protection and malware programs useless. Damn, they are getting sophisticated. It eventually locked up the computer, or I killed some crucial function, trying to get rid of it. All I could get was a blank screen.
HP has the partitioned hard drive with restore capability....you don't have to reload the operating system and drivers from disks. Never used it before but it restored everything....amazing.
Good to know. Thanks. I heard that restore feature worked. Thought of trying it just for the heck of it...next time I am on a friend's computer...
Do you have an HP? BTW, when you start the restore, they ask you are you really sure you want to do this? It will wipe out everything you installed since you bought the computer....but actually it restored everything on the HD. I was impressed.
I just have to do some tweaking to get folders and things back to the way I like them. There may be a few programs that won't function. I found one already.
Use something else, like Trillian or AIM.
When it infects a computer, it will likely send a message like this:
hey dude check out this pic of us
coolpic.jpg
Most people, when they get such a message from someone in their buddy list, will assume the link is actually to a picture and click on it. Of course, if you mouse over the (fake) link in my example, you'll see it actually points to a .com file, which is an executable program, even though I falsely labeled it as a .jpg picture file. Clicking on a link to an executable program will run the program, thus installing the malware on your computer and sending the same message to everyone in your buddy list.
The solution is simply not to click on any link anyone sends you via instant messenger program unless you can confirm with them that it is a genuine link and not malicious. It's also advisable to right-click the link and select "Properties" to make sure the link points to what it says it does, such as a .jpg picture or a .html web page, and is not actually a program such as a .com or .exe file. In any case, it is not possible for such a worm to run without action on the part of the user, and avoiding clicking on any link sent by instant messenger will prevent infection of your PC.
On a side note, while I use and recommend Firefox as a better web browser than IE6, it's of no particular help in this case. Yes, it won't get infected, but if you click on an infected link, you will still get this worm on your computer, and it will still attempt to infect everyone on your buddy list. Other malicious effects are also possible.
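The check described in the post above (does the link really point where its label says?), written out as an added example that is not part of the original thread. The function names, the sample messages and the extensions beyond `.com` and `.exe` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlsplit, unquote

# .com and .exe are named in the post; the others are further Windows
# executable types added here as an assumption.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def target_ext(href):
    """Extension of the URL path only, so the host 'example.com' is ignored."""
    path = unquote(urlsplit(href).path)
    return splitext(path)[1].lower()

def check_message(html):
    """Return a list of (label, href, reason) for links worth blocking."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, label in collector.links:
        ext, label_ext = target_ext(href), splitext(label)[1].lower()
        if ext in EXECUTABLE_EXTS:
            reason = "executable target"
            if label_ext and label_ext != ext:
                reason += f" disguised as {label_ext}"
            findings.append((label, href, reason))
    return findings

# Constructed sample messages (hosts are reserved example names).
LURE = 'hey dude check out this pic of us <a href="http://pics.example/coolpic.com">coolpic.jpg</a>'
BENIGN = '<a href="http://photos.example.com/album/coolpic.jpg?size=l">coolpic.jpg</a>'
```

Only the URL path is inspected, so an ordinary link to a host ending in `.com` is not flagged, while a percent-encoded `.exe` in the path still is.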
firewalls are insensitive!
You are only allowed to set up a VIRTUAL firewall which will report the problems to a service agent of the IP service (someone outsourced working in India). That IP agent will call you and advise you how to fix your problem within 30 days (assuming you can even understand them).
I've always looked at IMs as a portal for bad crap since it requires no action by the end user - which is why I refuse to use it and delete messengers from bundled software.
Ironically, my employer uses it.
I'll try Firefox again. Last time certain programs wouldn't work with it or images not loading. It's been so long I can't remember what the problem was, but it's sure worth a try again.
Thanks. Very helpful. As long as you don't click links you're fine. I never click links on Yahoo Messenger, so I guess I won't have a problem (if the kids don't, that is).
No, I have a home built system. Really need to do a back up. But I see XP has the restore. Do you figure it works the same? The HP system sounds great.
Anyhow, I think I had best do a data back up. I have the burner and the disks next to me. Would hate to lose some data I have on there since my last back up.
True, but then the security holes would remain and only be exploited during times of war by governments and/or terrorist groups.
I don't like them either, but then I don't understand why it's so hard to make secure software.
I've just found out that all my game codes and registration info have to be re-entered. Windows itself must get overwritten in the restore process which wipes out any ini files. It probably overwrites the registry too, otherwise the original problem would not go away.