Saturday, January 13, 2007

Yay! Winbudget is installed!

Hi folks,

In the last day or so, there has been some discussion, particularly in EDU circles, about some sort of bot programs infecting computers and displaying "Yay". (The Attentive Reader will be amused that malcode would actually announce its presence, but that's beside the point). It's not yet clear where they're getting the Yay-bot from, but part of the mystery is now solved. The purpose of the Yay-bot is to install a piece of adware/spyware called WinBudget. This is a Browser Helper Object that appears to monitor all the major search engines, and hijack the search results, displaying its own popups as well.

I guess we can speculate that the dork^h^h^h^h programmer who wrote the installer must have been a bit of a newbie, and was thrilled to find his code actually worked... thus the "Yay". The BHO, however, works quite well and is a real nuisance, and we've taken the precaution of blocking the BHO install site.


No comments: