Malware via Yahoo Messenger hijacks browser’s startpage

If you are an unlucky user of Yahoo Messenger and you have followed the link in an advert for a Vietnamese Internet directory website named LaBan.vn and you have installed the exe file you have been infected with a persistent app that will take you to their website on and on.

“It is not yet clear whether the banner has reached YIM customers following a legit advertising campaign that was modified by the advertiser later, or if it is an abusive attack that exploits a bug in the Yahoo Ad services,” told Bitdefender’s Bogdan Botezatu, but the banner was displayed for four hours.

The thing with this app is that it will not be easily defeated. The infected app sticks itself to the Windows startup registry files so it will run after every single system reboot, and then it will change the default start page of the browsers from the infected computers.

Botezatu doesn’t mention if the LaBan.vn site is responsible for other malicious apps except for this one, but even if this is the only affected app it must be really annoying to be redirected to a page you don’t want to see each time you run the browser.

For the unlucky users that did install the app, Bitdefender has a free removal tool available for download for both 32- and 64-bit OS.

Again we warn users to avoid installing unknown files websites they do not know or trust.