How do users get infected with Browser Hijacking/Adware?

[Ink]

We get it, it's common on Windows and macOS.

But how does it occur, and why are they so difficult to remove? Is there a video demonstration of this scenario.

 

[LDogg]

There's plenty of informative articles out there. Couldn't find many videos, only telling you how to remove it.

- What is browser hijacking and why is it so common? - Ophtek
- Browser Hijacking: What Is It and How Can You Prevent It?
- Browser hijacker: Definition, Removal and Prevention Guide

Edit: Unchecky is also good at preventing Browser Hijacks/PUPs.

~LDogg

 

[harlan4096]

But how does it occur...

1.- Usually downloading applications from not official sites.

2.- During the installing process, clicking NEXT -> NEXT -> NEXT -> ... (tending to infinite) without reading any info in any new window, until application wizard if finished

 

[RoboMan]

I strongly believe browser hijacking relies 100% upon novice users don't caring nor understanding. Cybercriminals, if we can call people who code these, often distribute adware and browser hijacking with bundleware (aka software installed within other software because you didn't unchecked the options).

The main two reasons with browser hijacking takes place is:

• Users who don't care to read and just download and install
• No enough protection (anti-malware solution capable of detecting these)

 

[509322]

We get it, it's common on Windows and macOS.

But how does it occur, and why are they so difficult to remove? Is there a video demonstration of this scenario.

1. Visit website and crap gets downloaded into the browser cache\User Profile; easy fix - run CCleaner or equivalent

2. User downloads and runs PUP\PUA\Riskware\Crapware; cleanup is manual - browser hijack in registry, DLL, etc

It is only difficult because people do not know how to seach and locate the problem. Otherwise the cleanups are trivial.

 

[LDogg]

Definitely novice users or lazy people that get this quite often. Especially when not reading the installation package.

~LDogg

 

[509322]

Definitely novice users or lazy people that get this quite often. Especially when not reading the installation package.

~LDogg

"Users that want to use stuff"

"People who just don't know any better and don't want to know any better"

"Default allow because people don't want to see anything blocked"

"Default allow because people cannot do anything for themselves"

"Default allow because it is the security software's job to do it for the person"

"Default allow because people cannot handle it"

Oh please... people aren't that dumb. And they sure as hell are not helpless. The real issue is that they are not being properly instructed.

That whole debate. It is ludicrous. Removing the person from the equation is only a half\partial solution - and one that is destined to fail.

What else ? Those very same people who the security soft "does it for," will slam it the moment that it fails and the system gets infected - even with a harmless PUA that sits there and does nothing. Those very same people have the expectation of 100 % protection in 100 % of cases.

Until someone comes up with perfect Ai - which won't be anytime soon I might add - the only real solution is user education and knowledge - and not blind enslavement to security softs.

 

[LDogg]

There are those that will literally not read anything and just wish to get the software on the computer without the hassle of reading through things.

~LDogg

 

[509322]

There are those that will literally not read anything and just wish to get the software on the computer without the hassle of reading through things.

~LDogg

TL;DR = the way of the security soft theater junkies & jokerz.

"I just saw the word 'bypass'... I didn't actually bother to read a single word... so I uninstalled CCleaner because it was 'bypassed'... but, hey... I still use Windows." :X3:

There is a single truth to all IT security matters... and that is that people are always part of the problem, because people are an intrinsic part of IT security.

 

[LDogg]

People will always be the problem, in one way the advantage is people can be trained & educated on safe IT practises/browsing habits. This mitigates browser hijacking a lot. Doesn't take 5 minutes to read through something.

~LDogg

 

[509322]

People will always be the problem, in one way the advantage is people can be trained & educated on safe IT practises/browsing habits. This mitigates browser hijacking a lot. Doesn't take 5 minutes to read through something.

~LDogg

Yeah, well... the prevailing model put forth by the industry is to remove the person as the solution.

The terminators will kill us all.

 

[Mahesh Sudula]

Well, nice informative post after a long time
100% OF THE TIME users are responsible !
Since these stuff gets bundelled with the softwares..
Symptoms include Home page change, Un wanted advertisements re directions, browser slow downs, Multiple sites open upon a single click
Most of the times we can know/ feel that the browser is hijacked
Next level include malicious downloading, Access restriction to normal sites like anti malware websites, Download interuption of AV software, Heavy hanging right after opening the browser

All of the above are personally faced by me, may vary here and there
Regards.

 

[LDogg]

Yeah, well... the prevailing model put forth by the industry is to remove the person as the solution.

The terminators will kill us all.

Seems like a satirical ideology to me

~LDogg

 

[Moonhorse]

Well installers, some will bundle pups but browser hijacking how i have experienced that is just clicking video on legit site, that redirects you to sketchy site while letting you throught to video you wanted to see. So pop-ups wich are avoidable by installing adblocker. But i think you have to harden your adblocker by adding more and more filters/ keep it up to date to work well

But hijacking affecting google accounts, are what im worry about. Its very hard to get rid of them, since they can corrupt your profile completely. I have google account corrupted, and i just gave up with it ( happened years ago)

 

[Weebarra]

Well i guess i am one of the so called lazy people or one who doesn't care (thanks guys for the label) but i'll stick with @RoboMan's definition of "novice users" and most likely too much security software, as i believed that more is better back then but i have actually learnt that that is untrue so i do really thank you for that
Personally i was watching football via a non legal source and i honestly don't know what i clicked, possibly a flash player download that was blinking at me so it was my own fault. As for videos out there, i haven't come across any but i did stumble upon this guide written by our very own @Jack and as that was the exact hijacker i encountered that is why i am here at MT today

Remove Binkiland Search virus (Removal Guide)

 

[Andy Ful]

Well i guess i am one of the so called lazy people or one who doesn't care (thanks guys for the label)
...
As for videos out there, i haven't come across any but i did stumble upon this guide written by our very own @Jack and as that was the exact hijacker i encountered that is why i am here at MT today
...

You probably care, anyway. If not, then there would not be @Weebarra on MT.
Because you are the "wee barra" (Scottish slang) everybody here is inclined to like you.

 

[Local Host]

I can talk from experience, where a costumer got his browser hijacked after installing Daemon Tools Free (this was years ago, W7 days).

The first assumption was he clicked NEXT all the way and got infected (as always), but after some research and testing, I found out Daemon Tools Free was packing adware with no option to opt-out (setup got from official website).

So you just have to be careful with the Software you install.

A more recent example is Ace Stream, which actually happened to my cousin.

 

[shmu26]

Most people don't have their finger on the trigger all the time, peering in every direction for a sign of the hiding attacker.
A tired, distracted housewife, or a half-drunk guy watching a pirated vid while in Chrome incognito mode -- that's all it takes.
Even someone who just wants to relax and unwind in the privacy of his own living room, and throw off worries for a little while.
Let's not even talk about teenagers.
Bam, infected.

 

[509322]

Most people don't have their finger on the trigger all the time, peering in every direction for a sign of the hiding attacker.
A tired, distracted housewife, or a half-drunk guy watching a pirated vid while in Chrome incognito mode -- that's all it takes.
Even someone who just wants to relax and unwind in the privacy of his own living room, and throw off worries for a little while.
Let's not even talk about teenagers.
Bam, infected.

Blame it on the default allow 8-Ball chasers.