Ancestry Magazine

Browser Beware

If your web browser is doing strange things lately, you may be a victim of a new PC problem—virtual hijacking.

There is a new and insidious threat lurking on the Internet these days. While you are casually surfing the Web, some unscrupulous webmasters have laid a trap for you that is camouflaged as a desirable link. Clicking on a deceptive link may cause your web browser to be hijacked.

Control Over Your Browser
Hijacking occurs when an inno- cent web user clicks on a link which, unbeknownst to the user, downloads software onto his or her PC. The software then takes control of various features and actions of the web browser. This is sometimes called “drive-by downloading.”

The most basic form of hijacking changes your default Internet homepage to one the perpetrators want you to see. (Sometimes even the 404 error pages that are displayed when a given website cannot be found are hijacked to show what the hijacker wants you to see.) Hijackers do this to guarantee traffic to their website or search facility, which increases their advertising re venues.

In the simplest cases, these changes can be countered by going into your browser’s Internet Options and changing the defaults back to what you want them to be. Unfortunately, this does not always work as some hijacking software actually makes modifications to your Windows Registry, which auto- matically returns the defaults to the unwanted sites each time you reboot your PC. Editing the Registry yourself is always done “at your own risk,” according to Microsoft, so getting the misleading entries out of the Registry is fraught with system-stability peril. In addition, some forms of hijacking also load software that can automatically re-edit the Registry to ensure that the unwanted defaults stay in place. No matter how many times you change your original browser settings back and fix your Registry, the unwanted webpage defaults return. Some of these hijackings are nearly impossible to remove manually due to their complexity.

Signs and Portents
Aside from the very obvious clues of a changed home page or changed search preferences, one of the main symptoms of your web browser being hijacked is seeing pop-up advertising on familiar websites where you have never seen such ads before.

If you visit your genealogy favorites and suddenly a pop-up window floats on top of the site advertising low long- distance rates or something worse, it may not be that that genealogy site has added the advertising. It might be your hijacked browser making those ads appear.

One of the most common mis- conceptions in the Internet world is that pop-up, pop-under, or any other type of “new window” advertising is exclusively under the control of the web pages you visit. While the webpage could be generating such ads, your browser is likely being instructed to display this advertising by software that has been surreptitiously loaded onto your PC. Some companies actually make a business of selling adverti sing generated by your browser when you surf to specified websites.

Another symptom of potential hijacking is system instability. Odd errors, unexpected shut-downs, and other unstable behavior from your PC while you are running your web browser can be an indication that you have hijacking software interfering with the operation of your PC.

No, It’s Not Okay
One of the most basic things you can do to prevent hijacking is not to click OK to everything you are offered in message boxes while you are surf-ing. Read the message carefully and if you have any doubt about what is being proffered, click No. This will at least protect you from the polite hijackers who have the courtesy to ask first before messing up your browser. By saying “no” to Internet message boxes, you can avoid a world of hurt.

One of the more radical ways to prevent browser hijacking is to change browsers. Browser hijacking is nearly exclusively targeted against Microsoft’s Internet Explorer, the dominant web browser on the market. By using a different browser such as Netscape,Mozilla, Opera or others, you can avoid most browser hijackings.

If you don’t want to change brows-ers, keep your operating system and browser software current by down-loading and installing the most recent security patches. Many hijackers uti-lize security holes in either the operat-ing system or the browser software to exploit your PC. By staying current with the latest security patches, you can foil many of the hijacking attempts you may be exposed to. Microsoft’s Downloads website is located at www.microsoft.com/downloads.

Recovery
Avoiding hijacking can be difficult no matter how vigilant you are. If you believ e that your browser may have been hijacked, the first thing to do is to educate yourself. Several online forums are devoted to hijack-ing exploits. SpywareInfo at and ComputerCops are two good places to go to ask questions and get more information.

As mentioned earlier, manually recovering from a hijacking can be nearly impossible. Fortunately, there is software that can assist you in recover-ing. Spybot Search & Destroy at is a good all-around spyware detector and remover. (Spyware is a general term for software programs loaded onto PCs that surreptitiously monitor our online actions. It is usually used to gather data about potential website customers.) In addition to finding and eliminating spy-ware, Spybot Search & Destroy will find and eliminate hijacking software. Spybot is software you run when you suspect that you’ve been hijacked. It scans your entire system looking for known exploits and then gives you the option of eliminating them automati-cally. When using Spybot, be sure to keep current on the software’s latest updates as new exploit detection is added frequently.

Browser Hijack Blaster is another freeware download pro-gram. This one works in the back-ground, continuously monitoring for known hijack attempts. Browser Hijack Blaster monitors your Internet Explorer homepage, default page, and search page to detect any changes to them. If changes are made, Browser Hijack Blaster informs you and asks if you want to keep the new change or not.

Yet another freeware download is Hijack This. Hijack This reviews key areas of your Windows Registry and file system. Hijack This is run after a potential hijacking and will list all of the changes made to your Registry and critical files. Hijack This lists all changes in a log—whether they a re benign or a potential exploit. It is up to you to determine the entries you want removed. This can be a very dangerous thing to do as it is often dif-ficult to tell a legitimate entry from a hijack exploit. Hijack This is designed to be used by knowledgeable users. An online forum is available to get volunteer assistance in determin-ing whether an entry in your Hijack This log is a potential threat or not. You really need to know what you’re doing before you delete any Hijack This log entries.

Start Page Guard is another freeware program that detects and prevents changes to your homepage and searchpage defaults. It is really a one-trick pony and does not protect against or recover from all possible hijackings.

Spyware Sweeper is a program that, like Spybot Search & Destroy, is primarily designed to block spyware but also functions against hijack exploits. It is download-able for $29.95. Spyware Sweeper runs continuously as a background process to catch potential spyware and hijack-ing software before it is downloaded to your PC. Spyware Eliminator is another commercial offering that works against hijacking and can be downloaded for $29.99. The major anti-virus software vendors such as McAfee and Symantec are already mov-ing into the anti-spyware market and will soon be adding anti-hijacking functionality to their programs.

When confronted with a hijack-ing, your best option is to use several of the above programs in conjunction with one another. This helps ensure that any hijack exploits not caught by a single anti-hijacking program will likely be caught and deleted by the others that you use. For example, in a recent hijacking at the Howells house-hold, we used Hijack This and Spybot Search & Destroy as free programs and purchased Spyware Sweeper to use as an ongoing preventative measure.

Browser Piracy on the High Internet
There is a very good chance that you or someone you know will have their web browser hijacked in the near future. Unfortunately, there are only a few steps you can take to keep your browser hijack-free. Just like computer virus authors, the hijackers continue to modify their exploits to stay one step ahead of the anti-hijacking soft-ware. The basic design of the PC is at the core of this problem. It is unable to recognize the difference between changes we want to make on it and changes malicious software makes against our will.

Hijacking, spyware, and other Internet exploits that change the way your PC functions will continue to be a problem. Legislators are only now taking up the problem and attempting to pass laws against this sort of obnox-ious harm done to Internet users. As always, it will take time for the laws to catch up with technology. In the meanwhile, be careful what you click on.

Mark Howells thinks before he clicks at markhow@oz.net.

Email This Post

Ray Kozusko: Gosh, Lisa, I was supposed to get back to you months ago. My apologies. If I can still get in touch with...
Dianne M. Lowe: Hi Valerie Holladay; it seems we are related! My name is Dianne Lowe. About a month ago, I was...
Roberta Fireman: Dear Ms. Hatcher: I am looking for a panoramic photo taken in September, 1913 in Decatur, IL by...
Janie Johnson: Dollie Parks was born in 1900. She worked 71 years before she retired. She does not take any...
Cory Shellman: I’m an ordinary joe as well, and while I don’t want to claim fame for something that I had...

Browser Beware

Leave a Reply

You Said

On the Web

Recent Articles

Recent Comments