Browser Hijackers Ruining Lives. (spyware and malware)

[Destino]

http://www.wired.com/news/infostructure/0,1377,63391,00.html?tw=wn_tophead_2

Browser Hijackers Ruining Lives By Michelle Delio

Story location: http://www.wired.com/news/infostructure/0,1377,63391,00.html

02:00 AM May. 11, 2004 PT

Browser hijackers are doing more than just changing homepages. They are also changing some peoples' lives for the worse.

Browser hijackers are malicious programs that change browser settings, usually altering designated default start and search pages. But some, such as CWS, also produce pop-up ads for pornography, add dozens of bookmarks -- some for extremely hard-core pornography websites -- to Internet Explorer's Favorites folder, and can redirect users to porn websites when they mistype URLs.

Traces of browsed sites can remain on computers, and it's difficult to tell from those traces whether a user willingly or mistakenly viewed a website. When those traces connect to borderline-criminal websites, people may have a hard time believing that their employee or significant other hasn't been spending an awful lot of time cruising adult sites.

In response to a recent Wired News story about the CWS browser hijacker, famed for peddling porn, several dozen readers sent e-mails in which they claimed to have lost or almost lost jobs, relationships and their good reputations when their computers were found to harbor traces of pornography that they insist were placed on their computers by a browser hijacker.

In one case a man claims that a browser hijacker sent him to jail after compromising images of children were found on his work computer by an employer, who then reported him to law enforcement authorities.

"The police raided my house on Sept. 17, 2002," said "Jack," who came to the United States from the former Soviet Union as a political refugee, and has requested that his name not be published. "Nobody gave me a chance to explain. I was told by judge and prosecutor that I will get years in prison if I go to trial. After negotiations through my lawyer I got 180 days in an adult correctional facility. I was imprisoned for 20 days and then released under the Electronic Home Monitoring scheme. I now have a felony sex-criminal record, and the court ordered me to register as a predatory sex offender for 10 years."

Jack originally believed that the images found on his computer were from a previous owner -- he'd bought the machine on an eBay auction. But he now thinks a browser hijacker may have been responsible.

"When I used search engines, sometimes I got a lot of porn pop-ups," Jack said. "Sometimes I was sent to illegal porn sites. When I tried to close one, another five would be opened without my will. They changed my start page, wrote a lot of illegal porn links in favorites. The only way to stop this was turn the (computer's) power off. But when I dialed up to my server again, I started with illegal site, then got the same pop-ups. There were illegal pictures in pop-ups."

Several of the URLs that CWS injects into Internet Explorer's favorites list also appear in the arrest warrant and other materials from Jack's hearing. CWS works as Jack described -- changing start pages, adding to favorites, popping up porn. But CWS was first spotted several months after Jack's arrest, so it seems unlikely that this particular hijacker is the cause of his problems.

Security experts who were asked to review Jack's claims said it is possible that a browser hijacker could have been the reason porn images were found on Jack's computer. But they also pointed out some discrepancies in the story.

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.

He said that however the pornography arrived on Jack's computer, "the evidence wasn't handled properly, and his lawyer did not do his job."

Jack said he opted not to fight the charge because his lawyer told him he would probably receive a harsher sentence if he went to trial.

"They are very eager to get conviction," Jack said. "Nobody can fight those powers. I could hardly stay in jail two weeks. The cell is very small, the food is very bad. They let prisoners out only every other day for 3 hours. I do not know how people can stay in prison for years."

If the pornography was placed on Jack's machine by a browser hijacker, he's suffered far more than most victims of malicious software. Others who blame browser hijackers for placing porn on their computers have been luckier.

"I was almost fired after some sort of content-monitoring system that my ex-employer used on the network found several dozen dirty photos on my laptop," said Matthew Cortella, a sales representative based in Illinois. "I had no idea how that stuff got on my machine; I thought it'd been hacked.

"Eventually, thank God, IT found some program on there that they said could have caused the problem. But for eight days I was sure I'd be fired, and I was terrified. I have a family to support. Jobs aren't easy to come by these days."

"My wife and I separated for a time because she thought I was looking at porno," said Fred McFarlane, a store owner in Georgia. "We are religious people. She just couldn't be with me after she saw the pictures that were in our computer. I don't blame her. Even now, I know it's real hard for her to understand it was the computer that did it, not me."

Telling people that "the computer" is downloading pornography on its own often provokes smirks and disbelief.

"I have to say it's like insisting the dog ate your homework," said Jeff Bertram, a systems administrator in New York City. "Are you going to admit that you downloaded porn to your pissed-off spouse or employer? Or to a judge? Hell no, your honor, it wasn't me. The browser did it."

Jack said he would like to appeal his conviction, but knows it will be difficult to convince people that he didn't download the pornography found on his machine.

"The police found nothing in my house, you know, not even a Playboy magazine," he said. "Only in the computer. But most people do not understand that such a thing is possible, that the computer could have made this happen. Plus, with child pornography, people's reaction is only emotions and no thinking."

"I advise Internet users to be very, very careful," Jack added. "Committing a felony is very easy; it just takes one click."

Where the hell are our lawmakers when you need them? Bunch of out of touch stuffed suits should have made it illegal to use your property without your knowledge illegal long ago, that is what spyware and malware do; they use your PC without telling you about it.

[Hitman56]

This is how the law thinks of it: If a private person puts spyware on your computer, it is illegal. If a business does it, it is fine. This is rediculous. The law will lag behind technology for a while. But hopefully, this type of garbage will be cleaned off the net soon.

In my opinion, spyware, malware, and spam are a million times more disturbing than pornography on the net.

[Reaganaut]

I am pretty diligent on keeping crap off of my machines, but one called "Cool Search" had me stumped for days. I finally had to find a removal tool to get it off. It just kept reappearing over and over and over no matter how I changed the registry or searched to eliminate files. I want blood.

[Ghost of]

CWShredder holds it down on the cool web search hijacks.

Combine CWS, some knowledge of registry with HiJackThis! AdAware and Spyguard/SpyBlaster and you'll be ok, I think.

[NavyDave]

aadware, avg shield and spybot caught several trojans which had me busy yesterday

[Baculus]

Cool Search Bar is relatively common, and, for removal, involves uninstalling via the Add/Remove programs as well as deleting some registry entries. But, easier yet, I'd recommend the following *free* programs which will remove apps. such as Cool Search bar, among others:

SpyBot - removes spyware as well as some viruses: http://www.safer-networking.org/index.php?page=home

Ad-Aware - removes adware/spyware, and dataminig entries and components: http://www.snapfiles.com/get/adaware.html

AVG Anti-virus - a fantastic, free anti-virus program, which also includes a component for Outlook: http://www.grisoft.com/us/us_dwnl_free.php

Between using all three of these apps., (and a decent firewall), as well as updating your Operating System, you should be relatively secure from many maliscious issues.

p.s. In the time it took for me to write this post, I can see others had already mentioned these applications. Heh.

~B.

[skinamatic]

I use three tools and they keep my system completely clear. I use spybot search and destroy, CW Shredder,and Adaware 6 from lava soft. By using all three my system runs great and I dont grt popups. I even have noticed a decrease in spam mail. And something else that is cool try Ace Tune up Utilities, it has a registry cleaner, and system optimizer. It is a free thirty day trail. I liked it so much I purchased it. It also cleans orphaned files off of your computer.

[Destino]

All those tools posted are great tips, but the only thing better then a cure is to prevent infection in the first place.

STOP USING INTERNET EXPLORER.

Use mozilla instead and you'll notice that in your next deSpy cycle that you'll fine almost no spyware on your machine.

[Joe Sick]

Originally posted by Destino

All those tools posted are great tips, but the only thing better then a cure is to prevent infection in the first place.

STOP USING INTERNET EXPLORER.

Use mozilla instead and you'll notice that in your next deSpy cycle that you'll fine almost no spyware on your machine.

True dat!

I use Mozilla Firebird and have used it for about 8 months now. Built-in popup blocker, so I don't think I have had a pop-up since. Also has a cool add-on that blocks flash ads. You have to actually click on the ad to see it.

Word of warning. DO NOT uninstall IE on XP. It will screw up your search function and you'll have to do updates manually, since it is so tied into the Windows OS. Just stop using that junk.

And I use Eudora for email. Maybe not as pretty as Outlook, but it gets the job done.

[funnyperson1]

Originally posted by Destino

All those tools posted are great tips, but the only thing better then a cure is to prevent infection in the first place.

STOP USING INTERNET EXPLORER.

Use mozilla instead and you'll notice that in your next deSpy cycle that you'll fine almost no spyware on your machine.

Can't argue with that. I haven't had spyware troubles in a long time because my usage of Firefox combined with ad aware and spybot keep me clean.

However, within seconds of using IE to view a site which wasn' t working right in firefox I had that damn search bar.

Screw M$.