'Browser Hijacking' the Latest Threat for Windows Users

Windows users already have enough security risks to worry about, but here’s a new one — browser hijacking.

It takes tedious, time-consuming work to undo the damage, and most users only discover the ‘hijacking’ after it’s happened. Pop-up windows overlap everywhere, the Internet Explorer home page and Web services are switched to other sites and the list of favorite sites is replaced with porn, the Washington Post reported.

In some cases, all users did was click an "OK" button that they thought was changing home-page settings or adding a Web toolbar — not knowing the damage that would result. The problem is often caused by going online with an old copy of Windows, allowing a hijacker's site to take advantage of security flaws.

The Washington Post recommends a few strategies to stop the problem. Run an up-to-date antivirus utility and firewall program and regularly download Microsoft's critical updates (windowsupdate.microsoft.com). Two of the biggest security flaws behind browser hijacking can be fixed with a pair of downloads. A third can be remedied by installing a better browser.

First, stop pop-ups by going to toolbar.google.com through Internet Explorer 5.5 or newer, or install another browser. Step two is to update the Java software on your machine. Its developer, Sun Microsystems, designed it with tight limits on what a Web-based application can and can't do. But these limits must be enforced by a "virtual machine" program that runs on your own computer, and the one Microsoft developed contained vulnerabilities that hijackers abuse. The better option is to download and install Sun's own, free Java virtual machine (www.java.com).

Step three is to eliminate ActiveX, which allows Web interactivity, but it relies on users to give the right answer when Internet Explorer asks, "Do you trust this publisher?" Click "yes" and the ActiveX program can do whatever it wants. Use an ActiveX-free browser for everyday Web use. A good Internet Explorer replacement is a free copy of Mozilla (www.mozilla.org).

If your computer has already been infected, your antivirus program should clean it out. But you may need specialized hijack-removal software, such as Hijack This! or CWShredder (both at http://www.spywareinfo.com/~merijn/downloads.html

You may like these other stories...

Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...
You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.