Yahoo says a self-propagating worm, yhoo32.explr, is threatening Yahoo! Messenger users.

It's the first recorded incidence of malware installing its own web browser on a PC without the user's permission.

The worm, "installs 'Safety Browser' and hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs," says Yahoo.

Because Safety Browser uses the IE icon, users can easily mistake it for Internet Explorer.

"The self-propagating worm spreads the infection to all contacts in Yahoo! Messenger by sending a website link that loads a command file onto the user's PC and installs Safety Browser," the company says.

Yhoo32.explr infects the PC with two elements, adds Yahoo.

The stand-alone 'Safety Browser has no uninstaller, "and disguises itself with an Internet Explorer logo in some instances. The application also hijacks the personal homepage in Internet Explorer and points users to Safety Browser's homepage (demoplanet.tv). The hijack also plays looped music that cannot be stopped when the user starts up the PC or Safety Browser."

The second element is the self-propagating worm which installs an .exe file that spreads the infection through Yahoo Messenger to everyone on the Contacts List.

Also See:
Yahoo - Self-Propagating Worm Installs Unsafe 'Safety Browser', May 19, 2006

NOTE: p2pnet is currently being sued for alleged libel by Kazaa owner Sharman Networks and Kazaa ceo Nikki Hemming. In the interests of freedom of speech, we're determined to fight this case before a jury but we don't have the financial or legal resources to meet them on level ground. Any help you can give will be very gratefully received. Please go here for more.