fortypoundhead.com

Home Page Hijacking with BHO

Posted On 2011-05-30 by FortyPoundHead
Keywords:
Tags: Security Tip Internet Explorer Windows
Views: 825


Internet Explorer has a way for a website to add itself to the list of favorites. Itís a feature Microsoft added so that websites can have a button that says "Bookmark This Site! Just Click Here!"

Now, if thatís all that particular feature did, then there wouldnít be any malware concerns over it. Unscrupulous programmers have taken advantage of it to create Home Page Hijackers.

In a nutshell, a Home Page Hijacker is a program that reaches into your browser and changes your homepageÖwithout your permission. You might think, "Thatís easy enough to fix, just change my homepage back and everything is fine."

Unfortunately, the Hijacker wonít let you get away with that, thanks to a BHO, or Browser Helper Object.

The BHO is a chunk of code that gets added to the browser. Itís meant as a quick and easy expansion to the browser, but when malware programmers get their hands on it, it becomes something a lot more sinister.

A Homepage Hijacker will both change the homepage and bookmarks, and install a BHO. The "helpful" BHO has been programmed to make sure the homepage hijacker sticks around.

What this means is, every time the computer is rebooted, and/or every time the browser is started, the BHO kicks in for just a second.. It "restores" the bookmark file and homepage setting.

Homepage Hijackers, with their associated BHO modules, have been known to change the homepage, remove entries from bookmarks, add anywhere from one to hundreds of bookmarks, and even change the default search settings. This way, when a user misspells a web site address, instead of seeing the usual IE "I can't find that" page, he sees an ad-covered search page.

At their worst, homepage hijackers force the user to go through their web sites and search engines to get to any site on the 'net.


About the Author

FortyPoundHead has posted a total of 1974 articles.

 


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.198.233.27

Before you can post, you need to prove you are human. If you log in, this test goes away.



Recent Forum Posts

Fold Code Manager into main KB?
VB6Boy posted on July 22, 2017 at about 14:42 in Site News

Fold Code Manager into main KB?
dwirch posted on July 22, 2017 at about 14:41 in Site News

Fold Code Manager into main KB?
dwirch posted on July 21, 2017 at about 22:46 in Site News

Fold Code Manager into main KB?
dwirch posted on July 20, 2017 at about 7:55 in Site News

Job Spammer: Sam Mallon
dwirch posted on July 18, 2017 at about 18:36 in Spammers

When setting up a certificate authority ...
dwirch posted on July 13, 2017 at about 9:07 in General