Posted at Thursday, June 17, 2004 EDT
Browser hijackers can leave users flummoxed
Special to The Globe and Mail
A nasty and increasingly common type of malicious software known as a "browser hijacker" is commandeering computers and messing with their settings -- and in some cases, harming reputations.
These tiny "malware" programs can arrive in e-mail and downloaded files, or latch on to a browser while a website is being viewed.
Browser hijackers aren't new. Often employed as an on-line marketing tool, they were originally a minor nuisance because they changed a few browser settings, such as a user's start page.
However, new strains -- including CoolWebSearch and its many variants -- have added such things as bogus bookmarks, pop-ups and website redirects to their arsenal.
"You can tell if you have one because your browser will start behaving differently," said Greg Weir, webmaster of Toronto-based software clearinghouse Tucows.com. "You'll get new favourites, which you may not be able to delete, a new home page, and you may also get pop-ups that can stay open even after you quit the browser."
The Web pages that are involuntarily opened often feature hardcore pornography, including images that are illegal to possess or distribute in some countries.
Traces of these images and details about pages visited can remain in the computer even after people leave the site and turn the machine off.
"When my wife saw those pictures on my computer she got very angry, to say the least," said Josh Burns, a sporting goods store manager in Houston whose system was hijacked.
"It took a lot of explaining and calming down just to keep her from throwing all my possessions on the front lawn."
Although CoolWebSearch and its variants generally do little more than annoy or embarrass victims, hijacking has led to more serious consequences for some.
A widely reported case in the United States involves an eastern European immigrant, identified only as "Jack," whose work computer was found to contain evidence of child pornography. He now has a criminal record. He is still fighting to have the charges overturned, claiming he was the victim of a browser hijacker.
In another case, engineer Adeel Lari was fired in 2002 by the Minnesota Department of Transportation after technicians found pornography on his computer. Mr. Lari, who denied knowledge of the images, was rehired recently after a judge ruled that there was no proof he voluntarily accessed the images. The subject of browser hijackers was raised by his defence attorneys.
"How can police or so-called 'expert witnesses' know whether images found on a hard disk are there because the owner deliberately sought them out, or because of either accidental acquisition or hijack?" asked Dublin-based privacy advocate Brian Rothery.
Meanwhile, people who really are breaking the law may start using browser hijackers as a convenient excuse, experts say.
"Soon, everybody with porn on their computer will be saying 'the browser did it,' " said Greg Hriniak, a New York City systems analyst. "Or would you rather tell your employer or your girlfriend that you downloaded it?"
And hijackers are becoming more common on the Internet.
"If you run Linux, you're pretty safe. If you're on a Mac you probably won't get a hijacker. If you're on Windows, it's hard not to," Tucows.com's Mr. Weir said. "It often comes through e-mail, but can spread through the Web or especially through P2P software -- Kazaa is crawling with them."
On-line discussion groups are teeming with people looking for help, often horrified at what has happened to their computers and at the objectionable material dredged up by a hijacker. The results of a hijacking can be embarrassing, whether at work or home.
"I didn't really see anything that I think was illegal, but it was pretty disgusting," said hijacking victim Michelle Williams of Hamilton. "The worst part was that I lost control of my computer. I saw what the hijacker wanted me to see, not what I wanted."
And browser hijackers are getting smarter. Some new strains are sophisticated enough to surreptitiously download regular updates to their code that combat anti-virus and anti-spyware programs. They can even keep a computer from accessing certain websites that provide advice and software for removing hijackers.
"If you notice that your anti-virus software has been disabled, you're probably infected," Mr. Weir said.
For those who fall victim, there are programs that can remove hijackers. Tucows.com offers 21 titles that combat them, ranging in complexity and effectiveness.
"Spysweeper can eliminate CoolWebSearch," Mr. Weir said. "It's our third most popular anti-spy software -- the only two more popular happen to be free."
Hijack victim Mr. Burns used a program called CWShredder to free his system after calming down his irate spouse.
"I don't know where I'd be without it," he said.