Spigot browser hijackers

There is a large family of Spigot browser hijackers that all have a lot in common. We hope that describing them will help you avoid any similar and new ones that might come along.

Targeted browsers

For some, but not all, browser hijackers in this family there are extensions for Firefox and Google Chrome. In Internet Explorer they change the default Search Provider and the startpage. Trying to install the PUP on Edge will get you nothing but an “Unsupported Browser” notice.

Recognizing the sites

The websites where these hijackers can be downloaded will show you the EULA, explaining to you, “the User”, what the downside of installing “the Software” might be.

The Software is a free desktop application that offers you direct links to websites from your new preferred homepage and saves your new preferred home page and/or new tab page. When we set your Browser’s settings using the Software, they will be saved automatically on Chrome™, Firefox®, and Internet Explorer®. As part of the installation process of the Software, we may change your Internet Browser settings and/or provide you with the ability to opt to make changes to your Internet Browser settings.

Download locations

Downloads typically come from proinstall-download[dot]com or report-download[dot]com (both blocked by our Web Protection module). Both of these domains are registered with GoDaddy (no surprise there!). The download location changed not too long ago.

It used to be secure[dot]fileldr08[dot]com and from the screenshot above you can see why we categorized these browser hijackers as PUP.Optional.Spigot. Worth noting is that after they switched away from the above download location, I was unable to install the extensions on Google Chrome. It failed to download and offer the extension. But this got fixed after a few weeks.
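For defenders who want to check their own proxy or DNS logs for the download hosts named above, here is an added example (not part of the original post or any Malwarebytes tooling). The log format (`timestamp client method url`), the client addresses and the sample lines are constructed assumptions; only the three domains come from the post.

```python
import re
from urllib.parse import urlsplit

# Download hosts named in the post, kept defanged exactly as written there.
DEFANGED = [
    "proinstall-download[dot]com",
    "report-download[dot]com",
    "secure[dot]fileldr08[dot]com",
]

def refang(indicator):
    """Turn 'example[dot]com' back into a plain lowercase hostname."""
    return re.sub(r"\[dot\]|\[\.\]", ".", indicator, flags=re.I).lower().strip(".")

BLOCKLIST = {refang(d) for d in DEFANGED}

def host_of(field):
    """Extract the hostname from a URL or a bare host[:port] log field."""
    if "://" not in field:
        field = "//" + field          # let urlsplit parse it as a netloc
    return (urlsplit(field).hostname or "").rstrip(".").lower()

def matches(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    # Matching on a dot boundary avoids hits on look-alike names that merely end
    # with the same characters, and ignores domains that appear only in a query string.
    return next((d for d in BLOCKLIST if host == d or host.endswith("." + d)), None)

def scan(lines):
    """Yield (line_no, client, host, listed_domain) for every matching log line."""
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue                  # skip malformed lines
        host = host_of(fields[3])
        hit = matches(host)
        if hit:
            yield no, fields[1], host, hit

# Constructed sample log in the assumed "<timestamp> <client> <method> <url>" format.
SAMPLE_LOG = """\
2017-03-01T09:12:01Z 10.0.0.21 GET http://proinstall-download.com/setup.exe
2017-03-01T09:12:07Z 10.0.0.21 CONNECT secure.fileldr08.com:443
2017-03-01T09:13:44Z 10.0.0.35 GET http://cdn.Report-Download.com./a
2017-03-01T09:14:02Z 10.0.0.35 GET http://notreport-download.com/a
2017-03-01T09:15:10Z 10.0.0.40 GET http://example.org/?u=proinstall-download.com
""".splitlines()

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```
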

The startpage

The new startpage for the affected browser is a typical search page with a toolbar and some shortcuts, pointing to sites where you can find the information or functionality that the hijacker promised to provide, supplemented by local weather and social media links.

Installation guidance

Another typical behavior, that these hijackers copied from the likes of

 

Removal guides

You can find some examples among the removal guides on our forums:

Summary

Spigot browser hijackers of this family are easy to recognize and in our opinion hardly worth installing because they add no more functionality than a few bookmarks. We hope this post helps you to avoid them in the future.

As always: Save yourself the hassle and get protected.

 

Pieter Arntz
