"Prevention is always better than cure," says Davey Winder in his investigation of browser hijacking
Browser hijacking is alive and well but, rather than having your web browser diverted to Cuba, you’re much more likely to find yourself landing on some advert-sodden search engine you’ve never heard of.
Although you might have thought of browser hijacking as something that was a problem a decade ago, the truth is that the insidious process of replacing your homepage (or search page, or even error pages in some instances) with an interloper is still an issue.
Why would anyone want to do it? Well, whether it’s done as part of a malware attack or by an otherwise reputable company looking to build market share, the underlying reason is the same: increased web exposure equals increased bottom line. Yep, as with just about all cybercrime these days, money is the driving force.
The nature of a browser hijack is such that it’s usually pretty damn easy to spot when you’ve fallen victim to one as your web-browsing experience will change. The most common approach is to redirect you from your default search engine – be that Google or Bing – and force you to use a below-par service that you haven’t heard of and wouldn’t ever use out of choice.
Sometimes it can become obvious even before you attempt to perform a search, because the hijacker simply replaces your default homepage with one that hits you with banner ads and pop-ups instead. Perhaps the hijack that’s most insidious, and increasingly popular among cybercriminals looking to make a fast profit, is one where homepages, search engines and error messages are all hijacked so that a “malware infection warning” pop-up is displayed.
This of course leads you to those rogue antivirus software sting pages, where you end up parting with your cash for software to clear up a non-existent infection, and which nine times out of ten actually installs more malware on your machine.
Too obvious?
But what’s the real problem with such a hijack if it’s so obvious? Surely a savvy user would just pop into their browser settings and return things to normal? They might, but as soon as they restart their browser or reboot their machine the problem might return, since these hijacks write themselves into various places such as your hosts file or the system registry, for example.
Some of the more sophisticated attacks even employ rootkits to ensure they remain active after every reboot. Clearing up after a hijack is a lot more difficult than falling victim to one, especially since some of the more sophisticated ones will prevent your browser from visiting the most popular antivirus and security vendor sites, where you might otherwise be able to get help.
PC Pro reader Kim R knows only too well about the problems involved, as the following email reveals: “I generally run what I regard as a reasonably tight ship in using a well-rated antivirus and internet security tool (Norton IS) on an up-to-date version of XP SP3. That said, I usually run Spybot alongside my antivirus.
"I have not done so recently, and this may have been my undoing as I am a great believer in multiple overlapping layers as far as security is concerned. My recent problem was an infection of a search tool called Babylon that ‘magically’ managed to insinuate itself in all three of my browsers in one fell swoop. I use Firefox as my browser of choice, with IE for Windows Update and web development testing, as well as Chrome on occasion. What did surprise me was how pernicious this particular hijack was.
"Initially, I deleted the toolbar from Firefox. That still left the search toolbar defaulting to Babylon. Next, I found that I needed to delete software installed via Add/Remove programs and, finally, I needed to edit the Search tools under Firefox to remove all trace of Babylon. It had also affected IE and Chrome in a similar fashion, and in the end I just uninstalled and reinstalled these components. This has really been a bit of a wake-up call as far as my security goes.
"I think I’m reasonably capable to deal with most issues, however I think that someone with less experience is going to find it exceptionally hard to deal with this type of hijack, and in some cases will just put up with it. The possible consequences obviously don’t bear thinking about. One major issue is that I managed to allow all three browsers to be compromised by a series of activities that at no time alerted me to the fact that a piece of software was being installed on my PC, with no explicit acknowledgement by myself. Spybot is now being re-enabled with immediate effect.”
My advice is that prevention is always better than cure when it comes to any kind of security risk, and browser hijacking is no exception. This doesn’t only mean running up-to-date antivirus software, but something browser-specific that can monitor your web client of choice for any activity that might indicate a hijack.
Firefox extension
For Kim, as a Firefox user, I’d recommend the excellent BrowserProtect extension that does exactly what its name suggests. If you’re unlucky enough to fall victim to a browser hijack then you can try reconfiguring your browser options as sometimes this can work, especially if the hijack in question is at the commercial rather than malware end of the scale, and you may find, like Kim, that this works to some degree.
Reinstalling the browser can also work, but it’s no guarantee if you’re talking about a malware hijack. If the problem doesn’t go away, then seek professional help, using a friend’s computer if yours won’t let you visit the security vendors’ sites. Unlike the search sites that hijack your browser, Google is your friend, and a solution to your particular hijacking problem can usually be found with a little bit of search effort.
My advice is that prevention is always better than cure when it comes to any kind of security risk, and browser hijacking is no exception
Conversion Conversion Emoticon Emoticon