Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] IM worm installs 'safe' Web browser

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] IM worm installs 'safe' Web browser
Date: Tue, 23 May 2006 00:22:35 -0500 (CDT) 
http://news.com.com/IM+worm+installs+safe+Web+browser/2100-7349_3-6075401.html

By Joris Evers 
Staff Writer, CNET News.com
May 22, 2006

A new instant messaging worm installs a rogue Web browser called
"Safety Browser" and hijacks the user's Internet Explorer home page,
experts have warned.

The worm, dubbed "yhoo32.explr" by FaceTime Security Labs, was found
two weeks ago on the Yahoo instant messaging network and was still
active as of Friday, Tyler Wells, senior director of research at
FaceTime, a seller of instant messaging security products, said in an
interview.

The worm drops the "Safety Browser" on the target's machine. The rogue
browser uses the same icon as Microsoft's IE Web browser and, when
opened, takes users to a site that installs spyware on the PC,
FaceTime said. "This is the first recorded incidence of malware
installing its own Web browser on a PC," the company said in a
statement.

The pest also sets the victim's IE home page to Safety Browser's Web
site and plays looped music that cannot be stopped, FaceTime said.  
Additionally, when installed the worm sends itself to all of the
infected user's contacts, the security company said.

The new threat arrives as a link in a message box on the target's PC.  
The link may also say "Goat_Ensem Bot" with a smiley. After someone
clicks the link, at least one warning will be displayed to tell the
user that software is about to be downloaded or installed and that
this may be malicious, Wells said.

Researchers at Foster City, Calif.-based FaceTime discovered the pest
after it hit on one of their test machines. These PCs are connected to
instant messaging networks and typically logged in to chat rooms,
which often are the starting point for new IM worms.

IM users can protect themselves against this and many other IM threats
by not clicking unexpected or unsolicited links.

Copyright ©1995-2006 CNET Networks, Inc



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] IM worm installs 'safe' Web browser, InfoSec News <=
Previous by Date:  [ISN] Thieves steal personal data of 26.5M vets, InfoSec News
Next by Date:  [ISN] OMB to agencies: Review personal data protections, InfoSec News
Previous by Thread:  [ISN] Thieves steal personal data of 26.5M vets, InfoSec News
Next by Thread:  [ISN] OMB to agencies: Review personal data protections, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]