9.06.2003

Encounter with Web Browser 'Hijacking'


It's a relatively benign nuisance in comparison to other types of 'hijackings', so the label is perhaps a bit hyperbolic, but there is a spreading phenomenon known as a Web browser hijacking. By visiting an unscrupulous URL or clicking a hyperlink in a spam email, you can actually lose control of your web browser. Most of these attacks victimize users of Microsoft's Internet Explorer. The attacking code exploits security holes in the browser to reset your preferred home page, add links to your Favorites list and, most dramatically, remove tabs from your IE Internet Options panel. With that last step, the attacker prevents you from resetting your browser options -- a very effective technique to force a few extra page views to their site, until you reinstall your system software in desperation or discover a simpler solution.

So this actually happened to me yesterday -- the hijacking attack changed my default home page to an ad supported portal page, and removed the General Tab under my IE browser's Internet Options, thus preventing me from resetting my homepage back to the original URL ('blank', in my case).

After a few hours of fumbling around the Web, trying to figure out what happened to my computer and how to describe it for a search query, I converged on the following explanations:

http://www.spywareinfo.com/articles/hijacked

http://www.geekgirls.com/net_hijacked.htm

http://support.microsoft.com/default.aspx?scid=kb;en-us;q320159

Oddly, the best solution came not from Microsoft's support site, but from SpywareInfo, and their amazing online forum, combined with a shareware program provocatively named HijackThis. Volunteers on the SpywareInfo forum have assisted thousands of individuals across the Internet to combat a dizzying array of Web-related programmatic attacks which fall outside the realm of 'viruses' per se.

Following the recommendations of SpywareInfo, I repaired my IE web browser as follows:

[1] Downloaded and ran SpyBotSearch&Destroy

[2] Downloaded and ran HijackThis

Following the HijackThis instructions, I saved the resulting hijackthis.log report and posted it to SpywareInfo's online support forums for analysis by their forum monitors. These individuals inspect the log reports to identify improper Windows OS registry settings introduced by the hijacking attack. You can see the daily action at:

http://forums.spywareinfo.com/index.php?showforum=11

A forum monitor named Tony Klein responded within 30 minutes identifying the two fixes I needed to apply via the HijackThis application. After completing the fixes and rebooting, my IE browser was restored to health. I felt like I was just saved by a 'firefighter of the Internet'.
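The kind of inspection the forum monitors perform on a log can be sketched as a small script. This is an added example, not part of the original post and not code from HijackThis or SpywareInfo; the log line layout, the meaning given to the R0/R1/O6 section codes, and the sample log are assumptions constructed for illustration.

```python
import re

# Assumed HijackThis line layout: "<code> - <registry path>[,<value>] [= <data>]".
# The log below is a constructed sample, not output captured from a real machine.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.example/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portal.example/search
O4 - HKLM\..\Run: [SomeTrayApp] C:\Program Files\SomeTrayApp\tray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")


def triage(log_text, expected_pages=("about:blank",)):
    """Return (code, reason, detail) for entries matching the symptoms in the post.

    R0/R1: an IE start/search page that is not one the user expects.
    O6:    a policy key that hides tabs in the Internet Options panel.
    """
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, blank lines
        code, rest = match.group("code"), match.group("rest")
        if code in ("R0", "R1"):
            key, sep, data = rest.partition(" = ")
            if sep and data.strip() not in expected_pages:
                findings.append(
                    (code, "IE page setting points at unexpected URL",
                     f"{key} -> {data.strip()}"))
        elif code == "O6":
            findings.append(
                (code, "Internet Options restricted by policy key", rest))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
```
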

Life Lessons:

Though I hope never to encounter this nuisance again, the experience has been enlightening.

1. The best information and support on the browser hijacking problem came from non-professional sources, lacking financial compensation perhaps, but not lacking integrity and commitment.

2. In the same sense that 'bio-diversity' makes ecosystems more resilient, 'IO Diversity' may help protect our global information systems. The 'hijacking' attacks referred to above target vulnerabilities in the code base of Internet Explorer. Other Web browsers with different code bases are immune to these specific attacks. Perhaps variety in the code bases of browsers and all underlying software systems may be beneficial for reasons beyond maintaining economic competition.

1 comment:

Anonymous said...

On the notion of "IO Diversity" as an antidote to software virus attacks, a quote from:

http://slate.msn.com/id/2103152/

How Mozilla's Firefox trumps Internet Explorer.
By Paul Boutin
Posted Wednesday, June 30, 2004, at 11:03 AM PT

"Will Firefox make your computer hackproof? Even Mozilla's spokespeople stress that no software can be guaranteed to be safe, and that Firefox's XPInstall system could conceivably be tricked into installing a keystroke logger instead of Sun's Java engine. But for now, there's safety in numbers—the lack of them, that is. Internet Explorer is used by 95 percent of the world. Firefox's fan base adds up to 2 or 3 percent at most. Which browser do you think the Russian hackers are busily trying to break into again?"