A new fileless browser hijacker called Yeabests.cc or TopYea has been discovered. This infection creates a WMI event handler that executes a VBScript script every 10 seconds to infect your browsers shortcuts so it opens a site under the developers control.

Yeabests.cc: A fileless infection using WMI to hijack your Browser