Advertisement

Learn more about Winnipeg Free Press Advertising solutions

Beware Net hijackers who target home pages

Posted:

Advertisement

Advertise with us

'You've been hijacked," the technician at the help desk here at the Free Press told me. It all began last Monday morning. I came into the office, fired up my Windows PC and launched Microsoft Internet Explorer. My usual reason for going to the Web is to search for information, so, like many users, I have set up a search engine as my start page in IE. (To set an IE start page, go to Internet Options under the Tools menu and type in the URL for the site you want to come up first when you launch your browser.) My preference among Internet search engines is Google, the Canadian version, which allows you to search the entire Web or just Canadian sites. This can be very helpful when you are looking for uniquely Canadian information. So, my start page address (or home page, as it is sometimes called) is http://www.google.ca. Funny thing was, when I launched IE on this particular morning, I wasn't seeing the familiar Google start page. Instead, something called Searchex was there on my screen. It was clearly some bogus search engine that allowed me to look at a few limited subjects with an even more limited set of results that had nothing to do with what I was looking for. It seemed to be preoccupied with arranging dates and selling me stuff I neither wanted nor sought. Upon checking, I found that Google was still listed as my start page under IE Internet Options. I relaunched the browser. Searchex returned. I called our help desk and spoke to technician John Cherian. After I explained the issue -- as techs like to call problems -- Cherian told me I had been hijacked. Or at least my browser had been hijacked. It turns out, I had a parasite. Not a virus or a worm, but a parasite. A little research led me to learn that a parasite is actually "unsolicited commercial software" -- a program that installs itself on your computer without asking and that does something you probably don't want it to, for someone else's profit. According to Andrew Clover, a 27-year-old Englishman now living in Germany who maintains a parasite watch-dog Web site called doxdesk.com, the parasite problem has grown enormously in recent months. Many millions of computers are affected. Clover says this unsolicited software can plague you with unwanted advertising (adware); watch everything you do on-line and send information back to marketing companies (spyware); add advertising links to Web pages, for which the author does not get paid, and redirect the payments from affiliate-fee schemes to the makers of the software (scumware); as well as changing browser home page and search settings to point to the makers' sites (generally loaded with advertising), and prevent you changing it back (home page hijackers). Clover's Web site lists more than 70 known parasites and provides tips to get rid of them. Most parasites are only compatible with Windows and only affect the Internet Explorer browser. It was clear to Cherian that I had picked up the Searchex parasite -- a home page hijacker. Instead of directly changing my start page setting, Searchex uses an IE browser "helper object" to redirect browser windows. Clover says Searchex is bundled with NetSpeed software from Winstream.com, who are believed to be the authors of the parasite. NetSpeed claims to have the ability to speed up your Internet connection speed. The odd thing is, I have never visited the Winstream site nor downloaded NetSpeed. Clover says many parasites can load using the ActiveX installation option in IE. Microsoft has some Active X patches at www.windowsupdate.microsoft.com, but there are still a lot of security holes that Gates & Co. have yet to plug. "When a Web page includes a link to an ActiveX program, a window will appear asking (if) the user wishes to execute it. If 'Yes' is clicked (or if IE security settings are set lower than normal so that it never even asks), the software is allowed to run and can do anything at all it likes on our computer, including installing parasites." You should never click "Yes" to a "Do you wish to download and install..." prompt unless you are 100 per cent sure you trust the software. Sometimes sites (or pop-up ads) try to fool you into clicking "Yes" by stating that the software is necessary to view the site, or by opening endless error windows if you click "No", or claiming that the digital certificate on the code means it is safe. It means no such thing. Microsoft Authenticode means only that the company that wrote the software is the same as the company whose name appears on the download prompt, nothing more. Some of the really sleazy parasites, particularly home page-hijackers and diallers, execute by exploiting security holes in Internet Explorer so you never know about them until they are in place and causing you problems. Cherian used a free utility called SpyBot-S&D (for search and destroy), written by Patrick M. Kolla, to track down and remove the Searchex parasite on my computer. SpyBot is one of the better anti-spyware utilities available. In addition to identifying and removing Searchex, it uncovered 125 other potential problem files on my system in a search that took just over four minutes. The program is available at http://spybot.eon.net.au/. It gets high praise in the current issue of PC World magazine. My advice is to get SpyBot and use it often if you spend any amount of time on the Internet. After removing all the problems it found on the first search, I ran the program three days later and another seven turned up. paul.pihichyn@freepress.mb.ca

Read this article for free:

or

Already have an account? Log in here »

To continue reading, please subscribe:

Monthly Digital Subscription

$1 per week for 24 weeks*

  • Enjoy unlimited reading on winnipegfreepress.com
  • Read the E-Edition, our digital replica newspaper
  • Access News Break, our award-winning app
  • Play interactive puzzles

*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.95 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.

Monthly Digital Subscription

$4.99/week*

  • Enjoy unlimited reading on winnipegfreepress.com
  • Read the E-Edition, our digital replica newspaper
  • Access News Break, our award-winning app
  • Play interactive puzzles

*Billed as $19.95 plus GST every four weeks. Cancel any time.

To continue reading, please subscribe:

Add Free Press access to your Brandon Sun subscription for only an additional

$1 for the first 4 weeks*

  • Enjoy unlimited reading on winnipegfreepress.com
  • Read the E-Edition, our digital replica newspaper
  • Access News Break, our award-winning app
  • Play interactive puzzles
Start now

No thanks

*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.

Hey there, time traveller!
This article was published 23/02/2003 (8447 days ago), so information in it may no longer be current.

‘You’ve been hijacked,” the technician at the help desk here at the Free Press told me. It all began last Monday morning.

I came into the office, fired up my Windows PC and launched Microsoft Internet Explorer. My usual reason for going to the Web is to search for information, so, like many users, I have set up a search engine as my start page in IE.

(To set an IE start page, go to Internet Options under the Tools menu and type in the URL for the site you want to come up first when you launch your browser.)

My preference among Internet search engines is Google, the Canadian version, which allows you to search the entire Web or just Canadian sites. This can be very helpful when you are looking for uniquely Canadian information.

So, my start page address (or home page, as it is sometimes called) is http://www.google.ca.

Funny thing was, when I launched IE on this particular morning, I wasn’t seeing the familiar Google start page. Instead, something called Searchex was there on my screen.

It was clearly some bogus search engine that allowed me to look at a few limited subjects with an even more limited set of results that had nothing to do with what I was looking for. It seemed to be preoccupied with arranging dates and selling me stuff I neither wanted nor sought.

Upon checking, I found that Google was still listed as my start page under IE Internet Options.

I relaunched the browser. Searchex returned.

I called our help desk and spoke to technician John Cherian. After I explained the issue — as techs like to call problems — Cherian told me I had been hijacked. Or at least my browser had been hijacked.

It turns out, I had a parasite. Not a virus or a worm, but a parasite.

A little research led me to learn that a parasite is actually “unsolicited commercial software” — a program that installs itself on your computer without asking and that does something you probably don’t want it to, for someone else’s profit.

According to Andrew Clover, a 27-year-old Englishman now living in Germany who maintains a parasite watch-dog Web site called doxdesk.com, the parasite problem has grown enormously in recent months. Many millions of computers are affected.

Clover says this unsolicited software can plague you with unwanted advertising (adware); watch everything you do on-line and send information back to marketing companies (spyware); add advertising links to Web pages, for which the author does not get paid, and redirect the payments from affiliate-fee schemes to the makers of the software (scumware); as well as changing browser home page and search settings to point to the makers’ sites (generally loaded with advertising), and prevent you changing it back (home page hijackers).

Clover’s Web site lists more than 70 known parasites and provides tips to get rid of them. Most parasites are only compatible with Windows and only affect the Internet Explorer browser.

It was clear to Cherian that I had picked up the Searchex parasite — a home page hijacker.

Instead of directly changing my start page setting, Searchex uses an IE browser “helper object” to redirect browser windows.

Clover says Searchex is bundled with NetSpeed software from Winstream.com, who are believed to be the authors of the parasite. NetSpeed claims to have the ability to speed up your Internet connection speed. The odd thing is, I have never visited the Winstream site nor downloaded NetSpeed.

Clover says many parasites can load using the ActiveX installation option in IE.

Microsoft has some Active X patches at www.windowsupdate.microsoft.com, but there are still a lot of security holes that Gates & Co. have yet to plug.

“When a Web page includes a link to an ActiveX program, a window will appear asking (if) the user wishes to execute it. If ‘Yes’ is clicked (or if IE security settings are set lower than normal so that it never even asks), the software is allowed to run and can do anything at all it likes on our computer, including installing parasites.”

You should never click “Yes” to a “Do you wish to download and install…” prompt unless you are 100 per cent sure you trust the software.

Sometimes sites (or pop-up ads) try to fool you into clicking “Yes” by stating that the software is necessary to view the site, or by opening endless error windows if you click “No”, or claiming that the digital certificate on the code means it is safe.

It means no such thing. Microsoft Authenticode means only that the company that wrote the software is the same as the company whose name appears on the download prompt, nothing more.

Some of the really sleazy parasites, particularly home page-hijackers and diallers, execute by exploiting security holes in Internet Explorer so you never know about them until they are in place and causing you problems.

Cherian used a free utility called SpyBot-S&D (for search and destroy), written by Patrick M. Kolla, to track down and remove the Searchex parasite on my computer. SpyBot is one of the better anti-spyware utilities available.

In addition to identifying and removing Searchex, it uncovered 125 other potential problem files on my system in a search that took just over four minutes. The program is available at http://spybot.eon.net.au/. It gets high praise in the current issue of PC World magazine.

My advice is to get SpyBot and use it often if you spend any amount of time on the Internet. After removing all the problems it found on the first search, I ran the program three days later and another seven turned up.

paul.pihichyn@freepress.mb.ca

Advertisement Advertise With Us

Advertisement Advertise With Us

Report Error Submit a Tip

Advertisement

Learn more about Winnipeg Free Press Advertising solutions

Historic

LOAD MORE