Bitdefender has warned that a piece of malicious advertisement leading to a Vietnamese website has been displayed on all Yahoo Messenger (YIM) windows in the world. It appears the Yahoo Messenger client has been instructed to display a banner linking to Vietnamese website Laban.vn.
It is not yet clear whether the banner has reached YIM customers following a legitimate advertising campaign later modified by the advertiser, or if it is an abusive attack that exploits a bug in the Yahoo Ad services. One thing is certain: users who followed the neatly crafted banner were directed to laban.vn, where they were prompted to install an executable file.
When run, the application looks for installed browsers, and then hijacks the start page of each one to hxxp://laban.vn. This would be normal behaviour for a browser add-on or toolbar, but there is more to the application than that: it adds itself to the Windows startup entries, so it can start at every system boot. When initialised, the application hijacks the browser start page over and over again.
If you have already installed the respective exe file, simply changing the browser’s start page won’t be enough. Bitdefender offers a free removal tool that eliminates all traces of the laban.vn hijacker and restores the browser start page to about:blank. The Yahoo Messenger malware removal tool fully supports 32/64-bit operating systems and can be downloaded for free from the Bitdefender Labs Downloads Area.