fortypoundhead.com

Home Page Hijacking with BHO

Posted On 2011-05-30 by FortyPoundHead
Keywords:
Tags: Security Tip Internet Explorer Windows
Views: 855


Internet Explorer has a way for a website to add itself to the list of favorites. Itís a feature Microsoft added so that websites can have a button that says "Bookmark This Site! Just Click Here!"

Now, if thatís all that particular feature did, then there wouldnít be any malware concerns over it. Unscrupulous programmers have taken advantage of it to create Home Page Hijackers.

In a nutshell, a Home Page Hijacker is a program that reaches into your browser and changes your homepageÖwithout your permission. You might think, "Thatís easy enough to fix, just change my homepage back and everything is fine."

Unfortunately, the Hijacker wonít let you get away with that, thanks to a BHO, or Browser Helper Object.

The BHO is a chunk of code that gets added to the browser. Itís meant as a quick and easy expansion to the browser, but when malware programmers get their hands on it, it becomes something a lot more sinister.

A Homepage Hijacker will both change the homepage and bookmarks, and install a BHO. The "helpful" BHO has been programmed to make sure the homepage hijacker sticks around.

What this means is, every time the computer is rebooted, and/or every time the browser is started, the BHO kicks in for just a second.. It "restores" the bookmark file and homepage setting.

Homepage Hijackers, with their associated BHO modules, have been known to change the homepage, remove entries from bookmarks, add anywhere from one to hundreds of bookmarks, and even change the default search settings. This way, when a user misspells a web site address, instead of seeing the usual IE "I can't find that" page, he sees an ad-covered search page.

At their worst, homepage hijackers force the user to go through their web sites and search engines to get to any site on the 'net.


About the Author

FortyPoundHead has posted a total of 1974 articles.

 


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.81.131.189

Before you can post, you need to prove you are human. If you log in, this test goes away.




Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers