A new worm is spreading around, using Yahoo! Messenger as its propagation vector.
Users of Yahoo! Messenger may be affected by this worm as it sends a website link to all contacts in the users contacts list.
Accessing the website link installs a “Safety Browser” on the affected machine. The web browser is installed without permission from the user and it disguises itself using the Internet Explorer logo/icon. When this “Safety Browser” is opened, it plays music that loops over and over.
Furthermore, it modifies the startup page in Internet Explorer to display the Safety Browser’s own homepage.
A detection pattern is currently in the works to detect this new threat. We’ll update you asap once it’s out.
Update(Jasper, 24 May 2006 14:15:01)
This worm is being detected by Trend as TROJ_BROWSAFE.A. The detection pattern is available in CPR 3.452.01