Researchers at FaceTime Security Labs have discovered a worm that installs its own web browser onto affected PCs after it’s downloaded through an instant messenger (IM) program.
The yhoo32.explr worm spreads through Yahoo Instant Messaging by a link that leads users to Myspace and forum message boards. After the file is downloaded, looped music – heavy with drums and electric guitar – blare from an infected PC, according to FaceTime’s Spyware Guide blog.
Once the worm, posing as a "location technology" download for localized content, is downloaded, a new web browser – called the "safety browser" appears on an affected PC’s desktop.
When the affected user checks the profile of another Yahoo IM user, the worm sends an infection link to another user, according to FaceTime.
In some cases, the malware takes a user to a site offering supposed free gifts, which are actually links to hijack sites that bombard users with viruses, adware and spyware, according to the security firm.
"This is one of the oddest and most insidious pieces of malware we have encountered in years," said Tyler Wells, senior director of research at FaceTime. "This is the first instance of a complete web browser hijack without the user's awareness."