Internet Security

Browser hijacking, it COULD happen to you!

While many computer users feel secure knowing that their antivirus program is up to date, there are other expanding security threats not likely to be caught by popular antivirus programs because they are not viruses. Often, it is the unsuspecting computer user who unknowingly chooses to download and execute the suspect code by clicking on a link in a banner or pop-up window.

Many such threats involve recent variants of a browser hijacker (aka "spyware" or "trojan") generally referred to as a BHO exploit. BHO exploits use a malicious program that is thought to exploit known operating system security flaws in order to redirect or "hijack" a user's browser to a website or server of the hacker's choice (without input from the user). There are also desktop hijackers that display an HTML document as wallpaper on the user's desktop. Such a program can install itself when an unlucky user happens to visit a suspect website. Generally, a pop-up ad would be used to load a small JavaScript program, which in turn loads an executable program designed to run the next time the computer restarts.

Once installed, these hijack programs can disable antivirus programs, reset Internet browser start and search page settings (among other system settings) and can also encrypt those URLs by converting letters into an illegible string of numbers and % symbols. The encrypted URLs hide the domain name from the user in order to make it difficult to identify or blacklist the offending domain. The hijack program can decrypt the URL string on the fly in order to load the hijacker's choice of websites. The hijacked browser can then be used to further expose the computer to any number of threats from suspect websites or servers. (Suspect sites are thought to include numerous and often changing "search" variants, including "adult search" themes.)

Desktop hijackers will often display alert message boxes telling the user that the computer is infected, with links to websites offering fictitious virus removal services for a fee. If you suspect you may have a hijacker on your computer, do not click on any links offering virus removal services, and do not use your credit card to purchase any antivirus software online unless you are absolutely certain the website is genuine.
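
The hidden start and search page URLs described above can be made readable again. The following is an added example, not code from this article: it assumes the "numbers and % symbols" are ordinary URL percent-encoding, peels nested layers, and reports the host name so it can be compared against a blocklist. The setting names, sample values and blocklist entry are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

MAX_ROUNDS = 5  # stop peeling after this many nested encoding layers


def reveal_url(value, max_rounds=MAX_ROUNDS):
    """Percent-decode repeatedly until the text stops changing."""
    current, layers = value.strip(), 0
    while layers < max_rounds:
        decoded = unquote(current)
        if decoded == current:
            break
        current, layers = decoded, layers + 1
    return current, layers


def inspect_setting(name, value, blocklist=()):
    """Report the real host behind a browser start or search page value."""
    decoded, layers = reveal_url(value)
    try:
        parts = urlsplit(decoded if "://" in decoded else "//" + decoded)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        host = ""
    return {
        "setting": name,
        "decoded": decoded,
        "host": host,
        "layers": layers,
        # Encoding only a path or query is normal; a host name that is not
        # readable in the stored value is the symptom the article describes.
        "host_hidden": bool(host) and host not in value.lower(),
        "blocked": any(host == d or host.endswith("." + d) for d in blocklist),
    }


# Constructed sample values (hypothetical settings, reserved example domains).
SAMPLES = {
    "start page": "http://%62%61%64%2E%65%78%61%6D%70%6C%65/find?q=1",
    "search page": "http://%2562%2561%2564%252E%2565%2578%2561%256D%2570%256C%2565/",
    "help page": "https://www.example.org/a%20b",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        r = inspect_setting(name, value, blocklist=("bad.example",))
        print(f"{name}: host={r['host'] or '?'} layers={r['layers']} "
              f"hidden={r['host_hidden']} blocked={r['blocked']}")
```

A value whose host is only readable after decoding, as in the first two samples, is worth treating as suspect even when the decoded domain is not yet on any blocklist.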

Q. What motivates hijackers? Why my computer?

A. There may be an affiliate relationship whereby the website associated with the browser search hijack would pay the suspect site for each visitor they refer (there could be other domains involved). Hijackers may also be seeking personal information for use in identity theft.

Q. What are the symptoms? Can I repair it myself?

A. The most noticeable symptom is a severe system slowdown while online. Other symptoms include unwanted changes to home or search pages, illegible URLs, excessive pop-ups or pop-unders and new browser windows suddenly opening (while online). Can I repair it myself? Unfortunately, not likely. Like viruses, these programs tend to make numerous changes to core system files or system settings.


Although the programmers (or reprogrammers) of malicious programs have released several variations of browser or desktop hijacks over the years, it may be hard to catch a live install now because most of the offending servers have been identified and shut down. Several operating system or browser patches have been issued to address the problem. However, patches may or may not reverse changes to the system made by such programs, and infected computers may remain symptomatic and vulnerable to some extent until professionally evaluated and repaired.