Browser hijacker
From Wikipedia, the free encyclopedia
A browser hijacker is a form of malware or spyware that replaces the existing internet browser home page, error page, or search page with its own. These are generally used to force hits to a particular website.
Contents |
[edit] Morwill Search
Morwill Search is a browser hijacker. It first redirects homepages to its website and begins to collect information on the computer.
[edit] CoolWebSearch
CoolWebSearch (CWS) was one of the first browser hijackers. It redirected the existing home page to the rogue CWS search engine, with its results as sponsored links. With most antivirus and antispyware programs unable to properly remove this particular hijacker, a man named Merijn Bellekom developed a special tool called CWShredder specifically to remove this hijacker. CoolWebSearch has since become a well known general name for any browser hijacker.
[edit] Profit
Many people believe that browser hijackers were designed for simple annoyance. Most hijackers redirect a page to force hits to their websites which contain ads. This then drives up the advertising cost for that website, thus profitting the site's webmaster.
[edit] Removal
Most new hijackers will not allow a user to change back to their home page through Internet Properties. Modern hijackers' settings will most likely return upon reboot, however, well-updated antispyware software will likely remove the hijacker. Some spyware scanners have a browser page restore function to set your page back to normal or alert you when your browser page has been changed.
[edit] Rogue security software
Some rogue security software will also hijack the start page generally displaying a message such as "WARNING! Your computer is infected with spyware!" to lead to an anti-spyware vendor's page. The start page will return to normal settings once you've bought their software. Programs such as WinFixer are known to hijack the user's start page and redirect it to the website.
[edit] Benign Features Confused With Browser Hijackers
[edit] Earthlink
In 2006, Earthlink started redirecting mistyped domain names over to a search page. This was done by interpreting the error code NXDOMAIN at the server level. The announcement led to much negative feedback, and Earthlink offered services without this feature.
