(The following articles
have been archived for both instructional and reference purposes. To read the full
articles please follow the links to the source located at the bottom.)
PC World: Invasion of the Browser Snatchers
Beware of typos that lead you to malicious sites--and
here's how to break free if you get caught at one.
Lincoln Spector, special to PCWorld.com
Thursday, February 14, 2002
Ron Zorko was only trying to get to PC World's web site.
But when he accidentally mistyped the URL, a porn site popped up.
"I suppose I should learn to type better," he says. But a typo that
took him to mycpworld.com was only the beginning of his troubles. He soon discovered
that this porn site was now both his home and default search page. He changed
the settings back in Internet Explorer. But with his next system boot, www.mycpworld.com
was back.
"No matter what I did, that was my home page," he says.
Zorko was one of three readers within two weeks to e-mail PC World's Answer
Line address with a tale of a hijacked home page that renewed itself with every
boot.
Several of these sites, including mycpworld.com, redirect you
to a harder-to-trace foreign site. That one uses JavaScript to insert a new
command into your Registry. This command runs at every boot, changing your home
page.
PC consultant Rod Ream first saw this condition on a client's
system in January. He believes it was made from the Js_exception.gen JavaScript
Trojan Horse.
"It's a kit," intended for setting up such aggressive
Web sites, Ream explains. "Webmasters can tailor this to do different manipulations."
Whoever created the site, "picked some stuff that other people haven't
chosen," Ream says.
Read
the full article at PC World
