For Windows Users, 'Browser Hijacking'


Guest LilBambi
For Windows Users, 'Browser Hijacking' Is Only the Latest Threat
The ongoing Internet-security freakout for anybody using Windows keeps getting worse. Every other week yet another part of the online world gets a warning label slapped on it -- downloads, e-mail attachments, instant-messaging file transfers and now Web pages themselves. "Browser hijacking" is as bad as it gets: Like the Blaster worm, this form of trickery can take over your software silently and invisibly.

Cluttermagnet
For Windows Users, 'Browser Hijacking' Is Only the Latest Threat
The ongoing Internet-security freakout for anybody using Windows keeps getting worse. Every other week yet another part of the online world gets a warning label slapped on it -- downloads, e-mail attachments, instant-messaging file transfers and now Web pages themselves. "Browser hijacking" is as bad as it gets: Like the Blaster worm, this form of trickery can take over your software silently and invisibly.
Hi, LilBambi - Thanks for the url, also for that excellent bunch of links in that other thread about MSCONFIG startup options. Bookmarked them all. BTW it appears that the merijn website (www.spywareinfo.com) that had the latest copy of CW Shredder for download has been so hammered by the spyware/scumware crowd's DoS attacks that it is unreachable. It is so bad that even the alternative url for it you find from a Google search takes you nowhere.
BTW my attempts to clean up my friend's computer that had lexdldr.a were in vain, not a great surprise. That one is particularly nasty and is probably running undetected on a lot of vulnerable machines because it does not attempt to do a browser hijack or anything else that would tip off the user that their machine had been compromised. And I did get a definite hit by Keylogger Hunter which pointed to a specific log file which I could never get a look at as some running process always kept it tied up.
A humorous sidenote- my friend, going 'behind my back', asked his recent college grad son to also take a look. Guess he had his doubts about my skill level. I have heard an account of what ensued, and it is humorous in the retelling. First thing they did was apparently to go to the local Best Buy or whatever and purchase some sort of (unnamed) anti spyware utility. Having realized how clever and intractable the trojan is, shutting down WinXP whenever any AV or antispyware software is run, they had their second lesson when they attempted to return the software for a refund and learned that opened software is non-refundable. :unsure: They ended up spending 500 dollars at the same store on a low end eMachines P4 box and solved their problem that way.
I managed to be gentle with him and not to snicker when I heard his account, plus the comment that his son had recently had to clean up 15-20 viruses on his own computer he uses at school (personal machine). At that point I realized that the son is basically not security-oriented and cuts a far more impressive figure image-wise than is borne out in reality. ;) Bottom line- my friend is still on the net using AOL, probably AOL9 I would imagine, and so is still vulnerable to the extent that his newer OS install and other software might continue to have unpatched vulnerabilities. I think he understands that concept in general terms, as he has indicated he is going to have me back over for some more tutoring and to install some safer utilities including alternative browsers and email clients, and hopefully some security and maintenance software as well- before it is once again too late. I'll keep you posted.

nlinecomputers
A humorous sidenote- my friend, going 'behind my back', asked his recent college grad son to also take a look. Guess he had his doubts about my skill level. I have heard an account of what ensued, and it is humorous in the retelling. First thing they did was apparently to go to the local Best Buy or whatever and purchase some sort of (unnamed) anti spyware utility. Having realized how clever and intractable the trojan is, shutting down WinXP whenever any AV or antispyware software is run, they had their second lesson when they attempted to return the software for a refund and learned that opened software is non-refundable. They ended up spending 500 dollars at the same store on a low end eMachines P4 box and solved their problem that way.
Sometimes in my more bitter moments I wonder if that is why Microsoft is so lame on security. They know that a high percentage of people will just say "f*** it" and go buy a new computer. Which gets Microshaft and a PC maker a sale. Have we become so used to disposable items that it is now acceptable to be sold faulty junk over and over again?

Guest LilBambi

Nathan, I hear ya! I was kicking myself this morning for having sent my newsletter alert out 12 hours too soon! LOL!
Cluttermagnet, amazing story about your friend's computer. Very interesting for sure. Any info you have on that keylogger should probably be posted on spywareinfo.com as an fyi if you get the time. I can't believe they just purchased another computer instead of reinstalling the OS!! :rolleyes:
As far as spywareinfo.com ... yes, it was down again (some sort of server error was reported) for a couple/few hours again yesterday but back up later in the day. It is a shame that they keep attacking them incessantly. They just want to help folks get control back of their computers and get them to run like the computer they purchased (PIII or P4) instead of acting like a 486 computer and crashing frequently!


I can't believe they just purchased another computer instead of reinstalling the OS!! :unsure:
Sadly, I can. I'm seeing this a lot. People think that there is something wrong with their computer when it just gets so whacked out. Computer prices are low & wiping everything out & reloading is just too intimidating for them! ;)

Have we become so used to disposable items that it is now acceptable to be sold faulty junk over and over again?
Ever hear of cars? :) People have been buying them for years and when they don't work, they buy another one. :) :)

Guest LilBambi

Good point Rons .... I don't think it would be like getting a new car either. Cars for one thing cost a lot more. And for another, replacement of a car is generally a last resort after finding out what's wrong from someone trained to fix them, professionally and/or a friend/relative. Unless you are the type that trades in a car every 3 years or leases them.
With computers (ones purchased not leased), it appears to be more like replacing a VCR not too long ago -- just because it eats a tape -- really just needs minor maintenance, but folks often think they need a new VCR if it eats a tape or two.
With computers, in more cases than not, there is absolutely nothing wrong with the computer except that it needs the OS reinstalled. All the hardware still works, just the OS is messed up.
Caveat: Some computers really need replacing anyway due to being too slow for modern OSes, particularly if you are going to run Windows.
I am not suggesting folks keep running their old 486DX66 or Pentium 166MHz running Win95 with patched winsock, or try to install or run WinXP on these old computers. There are times when purchasing a new computer makes perfect sense. But just because the OS gets messed up isn't one of them. :)


You don't buy a new car just because it's out of gas, :)
True and people don't replace pcs when a website doesn't come up. But some do replace cars when they have to take it to a garage to be fixed, ie new transmission or engine or to the body shop.

nlinecomputers

No but I've had clients that wanted to buy a computer when all the websites didn't come up. Would you buy a new car just because you can't start it? A $5 clogged fuel filter can cause a car not to start and so can a thrown rod in an engine block. Our problem today is that with computers so cheap they are much more likely to just toss it out. Partly because hiring someone like me to check them out costs almost as much as it does to just go buy a new one. Interestingly the systems are now so insecure that the clueless end users often manage to FUBAR the new system just as fast. THEN they get a clue and call me.


Cluttermagnet

Yes, guys - I'm still shaking my head sadly over the whole experience. It might help to realize that this was one of my rare paid gigs. Usually I just help my friends at no charge. My way of showing my gratitude for all the nice things folks have done for me over the years. But my friend was using this computer at work 'lightly' for a little emailing, surfing, and posting of resumes, etc. He insisted on paying me. The cost of this enterprise was therefore rapidly approaching a point of diminishing returns, considering that it was only an AMD cpu running at about 550MHz, as I remember, and it was slightly RAM deficient. Only had 128M as I recall. The performance was 'adequate', nothing particularly slowing it down. But the problem is it was about a 4-5 year old machine and had a copy of XP pro of unknown pedigree. I think it is safe to assume that nobody took responsibility for keeping anything on there current, and absolutely no maintenance or security utilities were in evidence. This box was essentially a 'hand me up' from his son's friend to his son to him. Lots of unpatched vulnerabilities on it, and then he had to run it with AOL and their blasted IE browser. Truly a recipe for disaster. The guy's wife was astonished when I pointed out to her that computers require periodic maintenance and patches to remain secure. She hadn't a clue and seemed to think that this was an onerous requirement. I hasten to point out that she is a Mac type and is only now struggling to learn the rudiments of Windows, so she has led a sheltered life in her little backwater of the internet.
Another factor to consider is that my friend may have had a brief period where he lost confidence in me. He was also ill for a week and stayed home a lot. I was cut out of the loop for a while, and despite repeated attempts to reach him by phone, my calls were not returned for about a week. Once I did hear from him, what transpired was presented to me as a fait accompli. Ah, well. I wish he had consulted with me. I'd have to say he must have overly discounted my abilities and overly inflated his expectations of what his son could do for him. A smart lad but not at all security oriented. I think there was somewhat of a panic mentality in play that week, and a sense of wanting to cut their losses. Unfortunately, I never got to explain to him that the AMD box could have had the OS reinstalled. I don't think they entirely get it, but can't be sure as I was out of the loop. For his purposes, that box, properly maintained and secured, would have been fine for what little he needs to do on the net. Of course it does take more hours to wipe the HD and start fresh. I'm not at all sure that he didn't make the right choice. He's probably a lot more secure for now with a fresh OS install on a new machine. I will add some better tools as soon as he lets me, tutor him a little more, and try to get him thinking in terms of security. Perhaps now I will get his full attention when I try to stress some points, such as not to risk running IE under any conditions if it is at all avoidable. :P


Guest LilBambi

I hope he does get you in there to secure the box. :thumbsup:
But I wouldn't hold your breath on getting him to switch browsers, LOL!
Count yourself lucky if he starts doing maintenance. ;)
Eventually, if he has to do the maintenance and pay closer attention, he will see the wisdom in changing browsers in time. :P


I'd have to say he must have overly discounted my abilities and overly inflated his expectations of what his son could do for him.
Not necessarily. He may have simply grown tired of the non-functioning system and wanted the problem resolved once and for all. And could afford a newer system with a new monitor and speakers and etc. Too good to pass up.

linuxdude32
You don't buy a new car just because it's out of gas, :'(
You don't? I'm going right back to that dealer that sold me a new car and telling him off! B) People are funny. It's amazing sometimes the money they will spend to avoid having to learn something or even just admit they don't know. Computer geeks probably give out more free information than anybody else and yet seem to be doubted by computer neophytes because somebody at Futureshop told them something different (I'm sure there are some very smart people at Futureshop, but simply working there doesn't make one smart).

redmaledeer

This may be a bit off-topic, but Cluttermagnet mentions switching from IE to another browser as a way of greatly improving security. I've been thinking of doing that.
In these Forums, switching to Mozilla has often been urged as a way of improving security. But my PC is too small for that. (I'm one of those people who would drive their car forever.)
(1) If Mozilla is too large, how is OPERA from a security standpoint? And in other ways? Opera fits on my machine, and seems to do everything I want a browser to do. And if Mozilla and/or Opera are more secure than IE, is that because they are designed to be inherently more secure, or because they are rare enough that hackers don't give them much attention? I guess I'm wondering how likely it is that hackers will catch up if these two become more popular.
(2) If I wanted something like Mozilla, can anyone tell me about the K-MELEON browser? It's a cut-down version of Mozilla for Windows. It fits on my machine, and seems to browse just fine. My questions (notably security) would be the same as for Opera. K-meleon is in a beta which seems to function. The development group seems small.
(3) LINUX is probably an enormous topic. My questions about it would be the same as for Opera, especially present and future security. I know that there are a number of small Linuxes which should fit on my machine, tho I've never installed or used one. I have used a couple of flavors of Unix on other machines. I believe this would mean leaving the Evil Empire entirely, which would be fine by me.
My computer usage in all this would be email, light surfing, and word processing.
Thanks.
-- (Windows 98SE and IE 5.5, all fully updated; 133MHz Pentium, 48MB RAM, 1.2G large memory. Don't laugh, it does all the jobs listed above.)


Redmaledeer, I see what you mean, but have you thought of Firebird 0.7 or the new Firefox 0.8? Especially Firebird 0.7 I was thinking of...
I do happen to have an old Compaq Deskpro here with a 66 MHz processor and 64 MB RAM in it, and a HDD from 1,2 GB: I installed a stripped down version of Windows 98SE on it including a minimalistic Word version. NO IE on this machine (and NO OE), there's Firebird 0.7 on it running absolutely great. OK, it's not as fast as on my daily machine, but it gets the job done very well.
With regard to linux, you could post that question to ATL, I'm 100% sure within no time there will be an answer right away: but may I make a suggestion? Have a look at VectorLinux if you're really considering linux. There's enough information in the ATL so have a look over there.


redmaledeer

Striker - Thanks. I thought I had checked Firebird and Firefox, but I will do that again.
I agree with you about Linux. I put it here because it was part of my concern about getting to something more secure.


Guest LilBambi

Yes, I can tell you that Firefox works well on a Pentium 166 IBM laptop with 96MB RAM (Win98SE, IE 6.x .. all upgrades) too.
As striker mentioned, not as fast as regular computers, but definitely gets the job done. And client wanted it for intermittent use.
No OE on this one either .. IE 6 only for ease of MS Windows Updates. Firefox is the default browser.


linuxdude32

With those specs, I'd think Firefox would be pretty painful but can't hurt to try (other than your download and experimenting time). I think the main reason it's more secure is that it's not integrated with the OS like IE is. With IE, practically every hole found exposes the entire OS. However, that being said, with your limited hard drive space, memory and processor speed, you might find it easier to just keep up with the patches than put another browser on your system.
Requirements for Firebird from their website:

Minimum Hardware
Pentium 233 MHz (Recommended: Pentium 500MHz or greater)
64 MB RAM (Recommended: 128 MB RAM or greater)
52 MB hard drive space

Opera would be more secure for the same reason and might run better on your machine (it used to be so small it could fit on a floppy), but you'd want to opt for the paid edition since the free version has an annoying banner and ends up having a very cluttered interface (though there are measures you can take to make it less uncluttered). Try their free version and see what you think of it.

Cluttermagnet
This may be a bit off-topic, but Cluttermagnet mentions switching from IE to another browser as a way of greatly improving security. I've been thinking of doing that.
In these Forums, switching to Mozilla has often been urged as a way of improving security. But my PC is too small for that. (I'm one of those people who would drive their car forever.)
(snip)
(2) If I wanted something like Mozilla, can anyone tell me about the K-MELEON browser? It's a cut-down version of Mozilla for Windows. It fits on my machine, and seems to browse just fine. My questions (notably security) would be the same as for Opera. K-meleon is in a beta which seems to function. The development group seems small.
My computer usage in all this would be email, light surfing, and word processing.
Thanks.
-- (Windows 98SE and IE 5.5, all fully updated; 133MHz Pentium, 48MB RAM, 1.2G large memory. Don't laugh, it does all the jobs listed above.)
Those are really good questions you are asking about browsers. That's a challenge, to keep the OS and add-on software on your HD compact enough with only a 1.2G drive.
Your question about Linux suggested the following to me- have you heard about those 'Live CD' distros such as Knoppix? You can run that one on Windows computers if they have enough capacity- RAM, processor speed, and so on. It might be worth looking into. The beauty of that method is that your entire Linux OS can live on a CD and you don't need to install it onto your small HD. If your machine is up to it, and if you can live with the 'canned' distro just as they compiled it, this might be great for you. The big question is whether your computer is a 'robust' enough platform to support the live CD.
The browser question is quite interesting. I checked, and the download sizes of Kmeleon and Firebird 0.7 are quite similar. One question is how much bigger a footprint they have once they are installed onto your HD. I like Kmeleon 0.7 with service pack 1. I have been loading that on a lot of my Windows machines as an alternative browser. I like the way it does bookmarks. It is real good for people you are trying to get to give IE a rest (for security reasons). It can look at your IE Favorites and make them accessible from within Kmeleon without going through a lot of changes trying to import them. Kmeleon also has a pretty good popup blocker. There are a lot of things I like about it. Total download of 0.7 plus SP1 are only about 5.4M. Their new 0.8.2 release has most of the bugs worked out, and it is based on a much more recent Mozilla release, namely Moz 1.5. It's just about the same size download. I intend to give the new release a try myself in the near future. Looks like Kmeleon 0.7 SP1 is about 11M or so after installation.
Firebird 0.7 is still worthy of mention, though there is a newer release, now renamed to Firefox 0.8. I have Firebird on a lot of Windows machines also. I love it. It has really become my favorite. I expect that when I try Firefox, it will be just that much better. The download size of 0.7 is only about 6.3M. Firefox is a 6.5M download. Probably a lot bigger after you unzip them into folders. Looks like maybe around 16M or so for Firebird, from what I can see.
The later builds of Mozilla are also worth mention. Pretty good browsers, as I see it. A bit large, however. Moz 1.6, the latest, is about a 12.3M download, probably a good bit bigger after installation. It has a good email client and some other gadgets built in. That adds significantly to its size.
If I had your HD space constraints, I would be having a real tug of war with myself over which one browser to install. I like Firebird so much that I think I would likely put up with it chewing up an extra 5M on my HD compared with Kmeleon. Kmeleon is a great little browser, however. BTW if you want really tiny, look into the "Off By One" browser. You will find it with a Google search on the name. Very small and will work 'OK' for the vast majority of websites. You do have to give up a lot for the small size. I think it would be worth it for everyone to at least take a look at Off By One. It gives you some appreciation of how complicated a piece of software a fully-featured browser is and why they might get to be so large.
Edit: I have Kmeleon 0.7 SP1 running on my old 486-66MHz with a mere 36M RAM. It plays great. Not that I take Win 95 for a spin on the internet very often these days with so many security threats. But it is good to know that Kmeleon will perform adequately on such a minimalist system. I think you might be very happy with the latest 0.8.2 release. Make sure you remove Kmeleon 0.7 first if you want to try installing 0.8.2.
Security wise, I believe that any of the other major browsers that have been suggested would be a better pick than IE if you care about security. Kmeleon and Netscape and Mozilla should all be fairly similar in that regard. Firebird and Firefox are also considered pretty secure, perhaps even better than the Moz derivatives. Any of them can be considered significantly more secure than IE. :whistling:

redmaledeer

Thanks for the helpful replies.
Here is what my PC has and the minimum (and recommended) system requirements of browsers:
My PC: Windows 98SE and IE 5.5, all fully updated; 133MHz Pentium, 48MB RAM, 1.2G large memory.
Opera 7: Pentium 166MHz, 32MB RAM (earlier versions less).
K-Meleon (a lightweight Mozilla derivative for Windows): 486 PC (Pentium recommended), 32MB RAM.
Mozilla: 233MHz, 64MB RAM.
Firefox (and probably Firebird): Pentium 233MHz (500MHz), 64MB RAM (128MB), Win 98+ (Win XP).
This reminds me why I downloaded and tried K-Meleon and Opera first. But with Striker's and LilBambi's experience with Firebird/Firefox on small machines, and Cluttermagnet's liking for them, they might be worth a try.
People seemed to comment more about the Mozilla family than Opera. So I'm guessing that that might be preferred. Or is Opera just less familiar?
I was interested in Cluttermagnet's vote of confidence in K-Meleon, because I had never heard of it before I went browser hunting. It works fine for me, and it would be a way of being in the Mozilla family if Firebird/Firefox didn't work.
I do have the Off By One browser (which uses Windows). It doesn't work for me because I can't get to my web-enabled email accounts, since it doesn't do Java. But it does downloads, and (amazingly) it fits on a floppy, and it can be run from a floppy. I think a floppy is where it will end up, as a way of saving my bacon if the browsers on my machine stop working. The idea of running a system straight from a CD was intriguing. It sure would be an easy way of having a spare, and of trying out Linux. It would save space, but so far I've done pretty well on space, maybe because I have so few applications (email, surfing, word processing).
In regard to Linux, I had heard good things about Knoppix, and when I looked at Vector Linux that Striker suggested, it seemed to have plenty of features and was aimed exactly at small machines like mine.
Thanks again for the information and encouragement.


A concern about a Linux 'Live CD' distro is that you would need to order it on a CD rather than download it. They are usually 640MB and the writing process copies it all to a TEMP folder during the write process.


Guest LilBambi

If you are intrigued about LiveCDs, I would suggest you check out the ATL (All Things Linux) forum. There are many LiveCDs available and folks burn them for themselves all the time. :thumbsup:
Here's a list of search results on the word "livecd" here in ATL:
http://forums.scotsnewsletter.com/index.ph...highlite=livecd

Edited by LilBambi
