WAYS OF INFECTION
Browser hijackers differ from regular viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are three major ways unsolicited parasites can get into the system.
1. Usually browser hijackers are installed by unsafe freeware, shareware or advertising-supported programs such as various browser add-ons or toolbars. Even reputable AOL products like AOL Instant Messenger can change default web browser settings. Uninstalling the host application in most cases doesn’t remove the bundled parasite.
2. Lots of spyware and adware parasites have integrated browser hijackers that get silently installed during the host parasite’s installation process. Removing a particular spyware or adware doesn’t affect a browser hijacker.
3. Some widely spread browser hijackers get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their authors run insecure web sites (mostly with pornographic or illegal advertising content) filled with malicious code or distribute unsafe advertising pop-ups. Whenever a user visits such a site or clicks on such a pop-up, harmful scripts instantly install a parasite. A user cannot notice anything suspicious, as browser hijackers do not display any setup wizards, dialogs or warnings.
It is known that some browser hijackers are dropped by specific viruses, worms or trojans.
Parasites mostly affect the Microsoft Internet Explorer web browser. Some less prevalent threats are designed to compromise other popular browsers.
WHAT DOES A BROWSER HIJACKER DO?
- Changes web browser’s default home page to a particular web site without asking for user permission.
- Changes web browser’s default search page to a predetermined web site without user consent.
- Sets own error page instead of web browser’s default one, which is displayed when the entered web site address is not valid.
- Redirects a web browser to a predefined site whenever the user enters an invalid address or performs an Internet search.
- Modifies essential web browser settings, decreases default security level and adds undesirable or insecure resources to the Trusted sites list.
- Creates numerous links to advertising pages, places desktop shortcuts to marketing sites, adds multiple bookmarks to the web browser’s Favorites list.
- Tracks user’s web browsing habits, records addresses of visited sites and sends collected data to a remote server.
- Complicates usual web surfing, blocks some reputable Internet resources, opens different web sites instead of requested ones.
- Degrades overall web browser stability and performance. Some parasites are badly programmed: they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature and hides from the user in order to obstruct its removal as much as possible.
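The home page, search page and Trusted sites changes listed above can be checked against a known-good baseline. The script below is an added example, not part of the original article: it parses the text of a registry export and reports Internet Explorer page settings and Trusted sites entries that differ from what the administrator expects. The sample export, its domains and the function names are constructed for illustration.

```python
import re

# Constructed sample in the text format produced by `reg export` (real exports
# are UTF-16; decode before parsing). Domains and URLs are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.hijack.example/home"
"Search Page"="http://search.hijack.example/find"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hijack.example]
"*"=dword:00000002
'''

IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\ZoneMap\Domains" "\\")
TRUSTED_ZONE = 2  # Internet Explorer zone number for "Trusted sites"

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def audit(text, expected_pages, trusted_allowlist):
    """List settings that differ from the baseline the administrator expects."""
    findings, keys = [], parse_reg(text)
    for name, want in expected_pages.items():
        got = keys.get(IE_MAIN, {}).get(name, "").strip('"')
        if got != want:
            findings.append(("page", name, got))
    for path, values in keys.items():
        domain = path[len(ZONEMAP):] if path.startswith(ZONEMAP) else None
        for scheme, data in values.items():
            trusted = data.lower().startswith("dword:") and int(data[6:], 16) == TRUSTED_ZONE
            if domain and trusted and domain not in trusted_allowlist:
                findings.append(("trusted-site", domain, scheme))
    return findings
```

Calling audit(SAMPLE_REG, {"Start Page": "about:blank"}, {"intranet.example"}) reports the changed start page and the unexpected Trusted sites entry.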
EXAMPLES OF BROWSER HIJACKERS
There are plenty of different browser hijacker parasites. The following examples illustrate their typical behavior.
SafeSearch, the widely spread pest, redirects Internet Explorer to predetermined web sites and displays undesirable advertisements from a pornographic web site. It also blocks access to popular Internet resources like MSN or VeriSign. Most browser hijackers are quite similar to SafeSearch and therefore are not very dangerous.
IBIS WebSearch is a far more functional and harmful browser hijacker. It is a third-party toolbar for Internet Explorer that provides a web search service, pop-up blocker and browser skins. However, it also changes default home and search pages and modifies essential Internet Explorer settings. IBIS WebSearch creates links to various resources, silently updates itself, and downloads and installs unsolicited and potentially insecure arbitrary software without user knowledge and permission. Moreover, the parasite collects information about the user, logs keywords from searches and sends gathered data to a predetermined web server.
CoolWebSearch is an even more dangerous and treacherous threat. It is an entire family of browser hijackers that all attempt to redirect a web browser to the coolwebsearch.com domain. Most of them display a large number of undesirable commercial advertisements, change the web browser’s default start and search pages and modify the browser’s essential security settings. Some CoolWebSearch variants are able to steal user passwords, bank account details and other user identity data. These parasites are virtually impossible to get rid of.
CONSEQUENCES OF A BROWSER HIJACK
Most browser hijackers turn the user’s usual web surfing into a real nightmare. Popular and often visited sites are blocked, the web browser’s security is at the minimum level, Internet searches do not go through powerful search engines, and required information cannot be accessed. All these problems are common consequences of a browser hijack. A typical parasite severely complicates the user’s work and decreases his productivity.
Browser hijackers also affect the system and installed software. Parasites cause web browser instability issues, frequent errors and overall performance problems. Some reputable applications and browser plug-ins may be also affected by browser hijacker activity.
Some parasites violate user privacy. They disclose the user’s personal information to advertisers and even hackers. Malicious persons use browser hijackers to track user activity on the Internet, find out their victim’s name and contact information, and even steal priceless identity data, which then can be used for unclear purposes.
Browser hijackers that are associated with pornographic resources set adult web sites as home or search pages. Such behavior not only shocks a user, but also may cause some serious troubles. There are real examples of people who have lost their jobs because of explicit content found on their computers at work.
HOW TO REMOVE A BROWSER HIJACKER?
As was said above, most browser hijackers are quite similar to spyware and adware threats and therefore cannot be removed with the help of popular antivirus products. To remove them, special anti-spyware tools (spyware removers) should be used. These programs scan the system in a similar way as antivirus software does. However, they have special parasite signature databases, which allow them to detect and eliminate most privacy risks. Powerful spyware removers include real-time monitors that prevent the installation of known risks and unauthorized system modification. The most effective and popular anti-spyware programs are:
- Microsoft AntiSpyware Beta
- Spyware Doctor
- Spybot - Search & Destroy
- Ad-Aware SE
- SpyHunter
- eTrust PestPatrol
Several products such as HijackThis or CWShredder are designed especially to detect and remove browser hijackers.
In some cases even a spyware remover can fail to get rid of a particular parasite. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be quite a difficult task for novices.