36. Update to foil browser hijacking
By Mark Alberstat
A recent Mousepad column focused on spyware
lurking in your Windows-based machine. As bad as spyware can be, another
sector in the malicious software industry that has become more prominent
in recent months is browser hijacking. Just like its airline namesake,
hijacking can take you, and your machine, places you don't want to go.
Browser hijacking occurs when your browser's homepage, the Internet page
it opens when you first turn on the Internet, changes from the one you set
to a completely different one and you have difficulties setting it back.
This hijacking also often corresponds with the appearance of a higher than
usual number of annoying pop-up ads. A list of new favourites will appear
as well, almost all of which point to sites you did not want or intend to
visit.
In most cases the hijacker will make changes to your Windows registry.
These changes will cause your homepage to revert to the one the
hijackers want, even after you manually change it under the
Tools/Internet Options menu item.
Another nasty thing that some hijackers do is change the HOSTS file on
your computer. This is a file, which many people don't know about, that
maps website URLs to a numbered address - the website's real computer
identifier.
These changes typically redirect any website you type in to one they want
you to view, or even keep you from visiting certain sites, such as
ad-removal program update sites.
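An added example, not part of the original column: a short Python check that reads the contents of a HOSTS file and lists every entry that either makes a site unreachable or sends it to a different address. The sample file contents and site names are constructed for illustration.

```python
import ipaddress

# Names that normally appear in an untouched hosts file.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # First field is not an IP address: the line is damaged or tampered with.
            findings.append((line_no, "", fields[0], "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES:
                if not addr.is_loopback:
                    findings.append((line_no, name, str(addr), "redirected"))
                continue
            # A site pinned to this machine (or to 0.0.0.0) can no longer be reached;
            # a site pinned to any other address is sent somewhere else.
            blocked = addr.is_loopback or addr.is_unspecified
            findings.append((line_no, name, str(addr), "blocked" if blocked else "redirected"))
    return findings


# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.adremover.example   # update site made unreachable
0.0.0.0         www.adremover.example
203.0.113.7     search.example www.search.example
not-an-ip       portal.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries you or an ad-blocking tool added on purpose will also be listed, so treat the output as a review list rather than a verdict.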
Most hijacking actually is allowed onto your machine through an invitation
process. This happens when the hijackers use Internet Explorer's (IE)
ability to run ActiveX scripts from a website.
To do this, however, these programs require your permission to run, so an
official-looking box pops up asking if you want to install the program.
One inattentive moment or a casual clicking of the Yes button allows these
villains into your computer.
Other hijackings, however, take advantage of security holes within IE,
often using well-known security holes that users have failed to correct
with patches or updates.
The first, and best, way to avoid browser hijacking is by keeping your
system up-to-date. The Windows update feature should be used on a regular
basis to avoid many problems, including hijacking.
Windows XP has an automatic update function, as does Windows 2000, if you
have service pack 3 installed.
Despite the doom and gloom of the hijacking threat, the good news is that
there are tools to help those being held hostage. The two most popular are
Hijackthis and CWShredder. Hijackthis creates a list of changed registry
and startup entries and then allows you to delete them if you think these
are the items giving you your troubles.
CWShredder, on the other hand, has been created to target one specific
variety of hijacker, or Trojan program, called Coolwebsearch, which is the
most commonly found hijacker roaming the Internet today.
Coolwebsearch is also one of the most difficult to remove and doing so
without this tool can be next to impossible for most novice computer
users.
One caveat, however: after downloading CWShredder, go into the
configuration menu and make sure you have the most recent version.
With these programs at your disposal, and your system updated, browser
hijacking could become just a minor threat that users have to put up with
while surfing the Internet.
Here are links to software mentioned in this column:
windowsupdate.microsoft.com
www.spychecker.com/program/hijackthis.html
www.spywareinfo.com/~merijn/cwschronicles.html
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca. If we use your question in
a column, we'll send you a free mousepad.
Originally published 13 June 2004