Browser hijackers, or simply hijackers, are a type of malware created for the purpose of modifying Internet browser settings without the user’s knowledge or consent. Typically, hijackers change the homepage and default search settings. However, some are known to inject advertisements—thus, they are qualified to be called adware, automatically redirecting users to potentially malicious destinations when they visit certain sites, and sometimes making drastic changes to the affected system. Some hijackers also contain keyloggers, which are capable of recording user keystrokes to gather potentially valuable information they enter into websites, such as account credentials.
It is believed that browser hijackers may have originated from a group of software companies in Tel Aviv, Israel, called Download Valley, which produce software that monetizes free software. Some of the software these companies produce are adware, spyware, and hijackers.
Common infection method
The majority of hijackers come in the form of toolbars that are bundled with free software and served in third-party sites. At times, they arrive on systems via embedded code within the visited site, pop-up or pop-under ad windows, or even via malware as part of its payload. On rare occasions, they come as legitimate programs.
Some of the most popular hijackers known on the Web are the Babylon Toolbar, Conduit Search or Search Protect, CoolWebSearch, SourceForge Installer, OneWebSearch, Snap.do, and Sweet Page.
Browser hijackers can be fairly easy to remove. Installing and running antivirus or anti-malware software on the user’s affected system can automatically delete all associated files and modifications on the registry. Automated tools are usually used to counter persistent hijackers; however, for other variants that typically only handle browser settings, users can manually re-customize themselves. Making manual repairs to the affected system is not recommended for regular users, as risks are associated to tinkering with the system registry and HOSTS file.
Some browser hijackers are programmed to make certain modifications beyond the browsers, like changing entries on the registry. Doing so allows it to persistently remain on the system it is affecting, and removing it will be a challenge. Hijackers can also cause instability on systems and severely disrupt user experience, especially when they bombard users with ads and redirect users to sites they would not normally visit themselves.
Keeping all installed software updated plays a role in the preventing browser hijackers from getting installed. It also pays to be attentive in the installation process of certain software downloaded from third-party sites. Most hijackers (and bundled software in general) require user permission before they can install themselves. However, the current trend is that full installation of the desired program and its extra programs take place, whether users explicitly opt out or not.