Browser Hijacking
Author: Michael Desrosiers
http://secure-it-consulting.com
The ongoing security shuffle for anybody using Microsoft keeps getting worse. Browser hijacking is as bad as it gets. Like MSBlaster, this form of deceit can take over your software silently and invisibly. Typically, users discover what has happened only after the actual hijacking has taken place. Their Internet Explorer home page and web searches have been switched to strange sites, pop-up windows follows them around, their lists of favorite sites have become a library of porn and none of these changes can be undone without registry tweaks.
These attacks differ from spyware invasions, which can have similar effects, in that victims never downloaded a program and then ran the installer. In some cases, the only mistake a user made was to allow what they thought was a change in home-page settings or an addition of a Web toolbar, not knowing that the site would do much more than that. Most often the problem can be attributed to going online with an unpatched version of Windows, allowing a hijacker's site to exploit an old vulnerability.
None of this has to happen. Beyond the usual benefits of running an up-to-date antivirus software and firewall program and regularly downloading Microsoft's critical updates, two of the biggest security flaws behind browser hijacking can be fixed with a pair of quick downloads and a third can be remedied by installing a better browser.
1. Stop sites from producing pop-ups - Not only will this make the Web vastly more pleasant, it will eliminate the ability of hijackers to badger you until you accept a software download or home-page switch. The easiest pop-up blocker to adopt is the free Google Toolbar. You can find it at
http://toolbar.google.com. You need to run Internet Explorer 5.5 or newer to get this feature. Or install any other browser, since IE is the only one around that still lets in pop-ups.
2. Update the Java software on your machine - Java lets you run entire programs in a browser window. It is designed with tight limits on what a Web-based application can and can't do. But these limits must be enforced by a virtual machine program that runs on your own computer, and the one Microsoft developed contained a couple of bugs that hijackers abuse. If you've been keeping your computer's software current, you should have a fixed version of this Microsoft virtual machine. But the better option is to download and install Sun's own free Java virtual machine at
www.java.com, which is safer and more current than Microsoft's software.
3. Kill ActiveX on your desktop - Developed by Microsoft to compete with Java, it allows a similar sort of Web interaction, but without any of Java's fail-safe limits. An ActiveX program in a web page can do anything that a regular Windows program could do on your desktop. For instance, windows update uses ActiveX to scan for unpatched components in your copy of Windows, and an ActiveX installer makes it easier to add Sun's Java software to Internet Explorer. But ActiveX is dangerous overall, since it depends on users to make the right call when they are presented with a "trusted" alert from IE. Once you click on the "yes" tab, the ActiveX program can anything.
Updates to IE have limited ActiveX's exposure, and an upcoming Windows XP service pack 2 update, will add still more restrictions. But it's wiser to use an ActiveX-free browser for everyday Web activity, using Internet Explorer for Windows Update and the occasional site that works only in IE.
For most people, the best IE replacement is a free copy of Mozilla, Mozilla Firefox or Opera.
http://www.mozilla.org
http://www.mozilla.org/projects/firefox
http://www.opera.com
If your computer has already been infected, your antivirus program or spyware software should clean it out. I have listed some below:
SpyWareGuard - (no longer available)
CWShredder -
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Whatever software you take with you on your tour through cyberspace, you also need to pack away some common-sense. Pushy cyber-salesmanship from a strange site deserves the same reception that a telemarketer at dinner time would get: "No thanks."
