Slashdot Mirror


New Tricks from Browser Hijackers?

Fortunato_NC asks: "I'm the IT manager for a small business that delivers its service via a browser-based application, and we take around two dozen to three dozen tech support calls from users each day. Many have something to do with pop-up ads making using our product nearly impossible, which is odd, since we don't have any advertising on our website. Of course, it's spyware causing the pop-ups, and we recommend using a product like Ad-aware to take care of the issue. However, not everyone gets the message. Today I was on a client's computer using WebEx helping them remove yet another 'browser helper'. The uninstaller for this program consisted of running no fewer than four separate programs, each of which forced closed the Internet Explorer windows, killing the WebEx session, and making it very difficult to service an already upset client ('What do you mean I have to join the meeting AGAIN?'). It seems as if this product anticipated the need to have someone remotely help the user remove it and went out of its way to make that task nearly impossible. Has anyone else on Slashdot encountered spyware or malware specifically designed to make life miserable for *remote* support techs? What other nasty tactics are spyware authors using that you've noticed?"

5 of 104 comments

  1. remote shremote by perlchild · · Score: 5, Insightful

    You think just because you're using a web browser tool, to remotely access a web browser, to remove vermin, is a design decision on the vermin designer's part?

    Hate to break it to you, but when you've got a broken arm, you don't usually use that arm to set the bone.

    Ever heard of non-browser based remote access? Like VNC, pcAnywhere, NetOP or remotely possible?

    It has nothing to do with this vermin's author being clever, you're just using a not very optimal tool for your removal of that vermin.

  2. nasty stuff by returnoftheyeti · · Score: 5, Interesting

    I've seen Windows rebooting as soon as any user logs in (even safe mode). I've seen the media player exploit and Media Player added to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, so that the adware reinstalls itself even after running AdAware. I've seen a giant, full-screen Active Desktop ad advertising spyware removal; it even covers the taskbar. I've seen files that can't be deleted from the command line in the recovery console. Windows is the most insecure thing I've ever seen. What I want to know is if someone smarter than me can make a Knoppix-like disk that will read NTFS, run Adaware, CW Shredder, and an online scan like housecall.trendmicro.com and fix all the problems. Bart's PE works OK for the purpose, but Knoppix is faster and more flexible.

  3. Re:a few steps to clear yourself of all problems by Idealius · · Score: 5, Insightful

    Actually, many "Browser Hijackers" are coupled with their TSR spyware buddies so #4 would oftentimes backfire on you.

    If anyone is familiar with HijackThis they'll know that Spyware/Malware comes with several modules placed in different portions of people's startup/browser configurations so if a piece of the spyware is removed from one area the other modules will replicate back to these areas sometimes with random filenames and a host of many other tricks that anyone familiar with "the game" will know.

    Anyway, a lot of us are going to need replacements for HijackThis because the last version Merijn released is just that: the last version.
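
Added example, not part of any comment in this thread: a read-only PowerShell inventory of the autostart locations the comments above describe (the Run key named in comment 2, plus the standard RunOnce and Browser Helper Object keys), compared against a saved snapshot so that entries which reappear after a cleanup stand out. The baseline file location is an assumption.

```powershell
# Added example (not from the thread). Read-only: lists autostart entries and
# reports ones that were not in the previous snapshot. Deletes nothing.
$BaselinePath = Join-Path $env:TEMP 'autostart-baseline.xml'   # assumed location

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-AutostartInventory {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Kind = 'Run'; Location = $key; Name = $name
                               Target = [string]$item.GetValue($name) }
        }
    }
    if (Test-Path -LiteralPath $bhoKey) {
        foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
            # Each BHO subkey is a CLSID; resolve it to the DLL that IE loads.
            $clsid  = $sub.PSChildName
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = if (Test-Path -LiteralPath $server) {
                [string](Get-Item -LiteralPath $server).GetValue('')
            } else { '<no InprocServer32>' }
            [pscustomobject]@{ Kind = 'BHO'; Location = $bhoKey; Name = $clsid; Target = $dll }
        }
    }
}

$current = @(Get-AutostartInventory)
$current | Sort-Object Kind, Location, Name | Format-Table -AutoSize -Wrap

if ((Test-Path -LiteralPath $BaselinePath) -and $current.Count -gt 0) {
    $old = @(Import-Clixml -LiteralPath $BaselinePath)
    if ($old.Count -gt 0) {
        # '=>' marks entries present now but absent from the last snapshot,
        # e.g. a module that re-registered itself under a new file name.
        Compare-Object $old $current -Property Kind, Location, Name, Target |
            Where-Object { $_.SideIndicator -eq '=>' } |
            Format-Table -AutoSize -Wrap
    }
}
$current | Export-Clixml -LiteralPath $BaselinePath
```

Run it once right after a cleanup and again after the next reboot or login; anything listed in the second table was registered in between.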

  4. Re:Stop using IE by Anonymous Coward · · Score: 5, Insightful
    Tell your users to use a decent browser instead of IE (Firefox, Mozilla, Opera, whatever). Let them handle their spyware infestations themselves.

    Not an option in almost all business environments. In fact, we're specifically prohibited from even suggesting to users that they use an alternative browser because it'd be a bigger support hassle for the desktop support group. SAP requires IE, WebEx requires IE, our timecard program requires IE, and now they want to migrate people from POP mail to using Exchange Server. I work for morons (the US government).

  5. Re:Stop using IE by dheltzel · · Score: 5, Insightful
    Asking them to download and install software is beyond the capabilities of many of our users.

    Yet they seem to have no trouble at all installing all that spyware. Someone needs to create a one click install via a popup for Firefox, then you just put that popup on your site and wait until they inadvertently fix themselves.
    Extra credit for the hacker if they can wipe the existing spyware (the competition) and put the Firefox path into all the shortcuts and registry keys that currently point to IE.

    Imagine a "spyware" program that makes the computer run better and safer than it was before.