Hijackers - Definition and Descriptions

Thursday, January 20, 2005

Hijackers - Having trouble getting connected to the sites or services you want to on the internet? Your start page been changed to some unheard of 100% advertisement laden portal page? Then you may be infected with a Hijacker. These nasty little buggers do just like the name implies. They "hijack" your computers internet connection. There are several techniques used to do this but the end result is the same. Your internet experience is what they want you to see and do and not what you want to see or do.

Probably the simplest form of hijacking and the most common as well is the start page browser hijack. Where your browsers start page is changed to something other than what you and no matter how hard or how many times you change it back to what you want... always ends up back on some advertisement page you don't want to see. Some of the more malicious and dangerous hijacks are zone file and dns hijacks. Basically what that means is they alter where your computer goes when you type in certain web sites into your browsers address bar. Think for a moment what that could mean and you will see exactly how dangerous this is.

Imagine if you will that your computer unbeknownst to you has a dns hijack. You get online to check your bank account like your normally do. Lets say you bank at Citibank. You type http://www.citibank.com into your browsers address bar as usual and you click go. As you would expect the citibank homepage loads up and you (being the security minded computerandinternetsecurityblog.com reader you are) check the address bar and yes it says you are at citibank.com. You procede to enter your username and password as you normally do and click submit. To your dismay you are redirected to an error page that informs you the citibank site is undergoing maintenance and will be down for the next day or two. Unhappy that you can't check your account but unaware anything is wrong you click the browser closed and go about your business. If your system has been dns hijacked you may have just been the victim of a combined dns hijack / phishing scam.

If you were victimized in the previous scenario what really happend was that when you entered http://www.citibank.com into the browser the dns hijack redirected you to a web server not owned by citibank. This web server had a site designed to look exactly like the citibank one so that surfers would be unaware they were personally hand delivering their banking information right into the hands of a thief. The owner of this phishing scam site can now has your bank URL, username, and password and is capable of draining every last dime and in most cases the "and then some" from your account.

This information is not intended to scare you away from the internet in general or from banking online specifically. It is intended to be eye opening information that shows you there are real dangers on the internet much greater than your basic annoying adware most of us seem to be plagued with. By using the techniques I show you in the various articles on this site you will be much safer online and also have a much more enjoyable experience.

---