Help      |      Chebucto Home      |      News      |      Contact Us     

36. Update to foil browser hijacking

By Mark Alberstat

A recent Mousepad column focused on spyware lurking in your Windows-based machine. As bad as spyware can be, another sector in the malicious software industry that has become more prominent in recent months is browser hijacking. Just like its airline namesake, hijacking can take you, and your machine, places you don't want to go.

Browser hijacking occurs when your browser's homepage, the Internet page it opens when you first turn on the Internet, changes from the one you set to a completely different one and you have difficulties setting it back.

This hijacking also often corresponds with the appearance of a higher than usual number of annoying pop-up ads. A list of new favourites will appear as well, almost all of which point to sites you did not want or intend to visit.

In most cases the hijacker will make changes to your Windows registry. These changes will cause your homepage to revert back to the one the highjackers want it to, even after you manually change it under the Tools/Internet Options menu item.

Another nasty thing that some hijackers do is change the HOSTS file on your computer. This is a file, which many people don't know about, that maps website URLs to a numbered address - the website's real computer identifier.

These changes typically redirect any website you type in to one they want you to view, or even keep you from visiting certain sites, such as ad-removal program update sites.

Most hijacking actually is allowed onto your machine through an invitation process. This happens when the hijackers use Internet Explorer's (IE) ability to run ActiveX scripts from a website.

To do this, however, these programs require your permission to run, so an official-looking box pops up asking if you want to install the program.

One inattentive moment or a casual clicking of the Yes button allows these villains into your computer.

Other hijackings, however, take advantage of security holes within IE, often using well-known security holes that users have failed to correct with patches or updates.

The first, and best, way to avoid browser hijacking is by keeping your system up-to-date. The Windows update feature should be used on a regular basis to avoid many problems, including hijacking.

Windows XP has an automatic update function, as does Windows 2000, if you have service pack 3 installed.

Despite the doom and gloom of hijacking threat, the good news is that there are tools to help those being held hostage. The two most popular are Hijackthis and CWShredder. Hijackthis creates a list of changed registry and startup entries and then allows you to delete them if you think these are the items giving you your troubles.

CWShredder, on the other hand, has been created to target one specific variety of hijacker, or Trojan program, called Coolwebsearch, which is the most commonly found hijacker roaming the Internet today.

Coolwebsearch is also one of the most difficult to remove and doing so without this tool can be next to impossible for most novice computer users.

One caveat, however, is that after downloading CWShredder, go into the configuration menu and make sure you have the most recent version.

With these programs at your disposal, and your system updated, browser hijacking could become just a minor threat that users have to put up with while surfing the Internet.

Here are links to software mentioned in this column:

The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 13 June 2004


Our community is online here!


A feature of the Halifax Herald