Has your browser been hijacked?
Posted on 20 Jul 2011 at 11:05
"Prevention is always better than cure," says Davey Winder in his investigation of browser hijacking
Browser hijacking is alive and well but, rather than having your web browser diverted to Cuba, you’re much more likely to find yourself landing on some advert-sodden search engine you’ve never heard of.
Although you might have thought of browser hijacking as something that was a problem a decade ago, the truth is that the insidious process of replacing your homepage (or search page, or even error pages in some instances) with an interloper is still an issue.
Why would anyone want to do it? Well, whether it’s done as part of a malware attack or by an otherwise reputable company looking to build market share, the underlying reason is the same: increased web exposure equals increased bottom line. Yep, as with just about all cybercrime these days, money is the driving force.
The nature of a browser hijack is such that it’s usually pretty damn easy to spot when you’ve fallen victim to one as your web-browsing experience will change. The most common approach is to redirect you from your default search engine – be that Google or Bing – and force you to use a below-par service that you haven’t heard of and wouldn’t ever use out of choice.
Sometimes it can become obvious even before you attempt to perform a search, because the hijacker simply replaces your default homepage with one that hits you with banner ads and pop-ups instead. Perhaps the hijack that’s most insidious, and increasingly popular among cybercriminals looking to make a fast profit, is one where homepages, search engines and error messages are all hijacked so that a “malware infection warning” pop-up is displayed.
This of course leads you to those rogue antivirus software sting pages, where you end up parting with your cash for software to clear up a non-existent infection, and which nine times out of ten actually installs more malware on your machine.
But what’s the real problem with such a hijack if it’s so obvious? Surely a savvy user would just pop into their browser settings and return things to normal? They might, but as soon as they restart their browser or reboot their machine the problem might return, since these hijacks write themselves into various places, such as your hosts file or the system registry.
Some of the more sophisticated attacks even employ rootkits to ensure they remain active after every reboot. Clearing up after a hijack is a lot more difficult than falling victim to one, especially since some of the more sophisticated ones will prevent your browser from visiting the most popular antivirus and security vendor sites, where you might otherwise be able to get help.
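One way to check a hosts file for the tampering described above, as an added example that is not part of the original article: the watch list of domains is an assumption, and the sample hosts file is constructed. It flags any entry that pins a watched search or security-vendor domain to an address, and says whether the site is being blocked or redirected.

```python
import ipaddress

# Assumed watch list (not from the article): search engines a hijacker wants
# to divert and security vendors it wants unreachable. Extend to taste.
WATCH = ("google.com", "bing.com", "malwarebytes.com", "avg.com", "avira.com")

# Constructed sample. The real file on Windows lives at
# %SystemRoot%/System32/drivers/etc/hosts (and /etc/hosts elsewhere).
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # diverted search
203.0.113.7     www.bing.com
127.0.0.1       www.malwarebytes.com update.avg.com
0.0.0.0         ads.example.net
"""

def watched(host):
    """Return the watched domain that host equals or sits under, else None."""
    host = host.lower().rstrip(".")
    for domain in WATCH:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def audit_hosts(text):
    """Return (line number, verdict, hostname, address) for suspect entries."""
    findings = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line
        # Loopback or 0.0.0.0 makes the site unreachable; anything else
        # sends the browser to a server of the hijacker's choosing.
        verdict = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        for name in fields[1:]:
            if watched(name):
                findings.append((lineno, verdict, name.lower(), str(ip)))
    return findings

if __name__ == "__main__":
    for lineno, verdict, name, ip in audit_hosts(SAMPLE):
        print(f"line {lineno}: {name} {verdict} via {ip}")
```

A clean hosts file has no entries at all for these domains, so any finding is worth investigating before simply deleting the line.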
On PC Pro it feels like it...
My browser FEELS as if it's been hi-jacked when I go to PC Pro pages - they often take ages to load - meanwhile I can go to the Beeb, Register, etc. and read a page or two whilst waiting. Eventually I can go back to PC Pro and start reading.
By halian on 21 Jul 2011
Virus checkers are not keeping up
I've had to deal with a number of laptops recently that had MS Security Essentials, AVIRA, Norton and McAfee installed but were hijacked and the anti-virus disabled by a website, in all cases accessed by searching for something harmless (like wedding dress photos) on Google.
At the moment AVG free seems to be the only (free) anti-virus that checks web-links and blocks hijacking.
I'm hoping this will change and these anti-virus won't just be scanning files while leaving a gaping hole in the browser.
By cheysuli on 29 Jul 2011
Now my second essential anti-spyware tool besides Malwarebytes... Who I am surprised at how ineffectual they have been on Rootkit removal.
By JulesWilko on 10 Aug 2011
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.