Browser hijacking is the latest plague to hit the internet. It most commonly shows up as ad banners from dubious companies that suddenly appear during every visit online, even after the computer is restarted.
The problem is particularly common with Microsoft’s Internet Explorer web browser, which comes preinstalled on almost all Windows PCs. Users of other browsers or operating systems such as the Mac OS or Linux are much less frequently affected.
The most common form of browser hijacking involves switching a user’s designated home page to some advertising site, but this is unfortunately not the only form.
“In the worst cases, the hijacked browser simply cannot be used further,” says Stefan Gehrke, business director of the Mcert IT Security Centre in Berlin. Hijackings are usually the work of small programs known as Trojan horses that take advantage of security holes in computer systems and change the browser settings.
The most aggressive of these programs change all of the internet addresses stored in the browser, and even change manually entered addresses, to bring the user back to ad pages — in many cases pornographic in nature. The user is then unable to call up other pages at all.
Many Trojan programmers earn money by luring internet users to click on the web pages, and in these cases there is no real damage to the owner of the hijacked browser. In many other cases, however, the criminals are fishing for a much more lucrative source of income.
Diallers, little programs that dial toll numbers using the computer’s modem or ISDN connection, will try to make their way on to the computer using the hijacked browser.
“Once you determine that the browser has been hijacked, you shouldn’t click anything further on the page that has been called up,” warns Frank Felzmann from the German Federal Office for Security in Information Technology in Bonn.
Such pages can contain diallers as well as other active content that can cause damage to the computer. The hijacking itself poses no direct danger to the computer or the operating system, says Felzmann. It’s primarily an annoyance.
Trojans, however, are mostly contracted by visiting websites that are hosted on poorly secured servers.
“This shouldn’t happen on official internet pages from companies and organisations,” says Hendrik Fliermann, technical director at anti-virus manufacturer Panda Software.
In order to avoid falling into the hands of browser hijackers, Gehrke recommends keeping the computer system as current as possible and always downloading the latest software improvements, known as patches, from Microsoft’s internet site.
This function can be activated using the “Windows Update” button on the Windows Start menu. It’s also advisable to download a second browser such as Firefox or Opera to act as a reserve.
Standard security measures against viruses should also be observed. This includes a current virus scanner, despite the knowledge that Trojans frequently make it past these security checkpoints. E-mail attachments from unknown senders should be deleted immediately, unopened.
“The installation of the Service Pack 2 for Windows minimises the risks of a browser hijacking,” says Johannes Hemmerlein, an expert for data security at Microsoft. Windows’ security architecture is fundamentally improved through this system update.
Service Pack 2 can be downloaded from Microsoft’s internet site, or ordered for free on CD-ROM.
The most dangerous phase is the period after a security hole is found in the Windows system, yet before the software maker can prepare a corresponding patch to close the hole again.
Those who program browser hijackers often wait for this phase to try to infect a computer’s Windows registry, a type of database that stores all important settings for hardware and software that the operating system needs. Trying to repair this complicated system by removing entries made by Trojans is possible on one’s own, but not advisable.
“People usually make more of a mess than they fix,” Gehrke says.
The experts instead recommend using special programs designed to remove these entries, and the bad software itself.
Ad-Aware from Lavasoft is just such a program. It is easy to use and can be downloaded for free by private users at www.lavasoft.com. The software tool “SpyBot Search and Destroy” fulfils this mission as well. — Sapa-DPA