[INFO] Browser Hijacks

By ucould2
Jul 6, 2013
  1. I have just noticed a new type of program running on all my browsers and could not find any exact matches for the problem searching (Prof. Google) -shopper bots-.
    Eventually I found a close cousin of the problem over here at botcrawl malware called Superfish.
    I have an Add On, Extension called TubeSaver 1.116 installed both in Firefox, Chrome and in Internet Explorer the following transcript was found
    Publisher: (Not verified) istqt Soft​
    Type:Browser Helper Object​
    File date:Sunday, ‎30 ‎June ‎2013, ‏‎3:38 PM​
    Date last accessed:Today, ‎6 ‎July ‎2013, ‏‎35 minutes ago​
    Class ID:{E7673D9C-270D-4805-B619-5556A9977909}​
    Use count:3​
    Block count:0​
    Folder:C:\Program Files (x86)\TubeSaver​
    Whether or not this had an impact at all, but, moments after I removed and Add-On Extension called Quick Translator 1.0 because it hadn't updated since December 2012. Microsoft Security Essentials detected a "potential threat that might compromise your privacy or damage your PC"
    The article in the above mentioned site was written in April 2013 and it could be that the developers of this type of "Legitimate add-on" have mutated it, due to over exposure in a "negative light"
    The idea behind the program is to create an interest in a better priced product(s) that the viewer is already interested in. But the savings, deals and advertising displayed by extracting a "Visual Fingerprint" are most likely only provided by sponsors of the add-on. And are not indicative of actual prices and therefore they are not beneficial for the purchaser.
    The third party provider of the search query image, then entraps the potential customer by redirecting them to a "controlled page" where, although the page looks for all intents and purposes correctly legitimate. The purchase here or even Paypal buttons are Hijacked and lead the unsuspecting purchaser to enter the private details needed to make the purchase. In doing so the are actually passing their information onto a third party who may use this opportunity to invade their privacy with excessive email spam, telemarketers, phishing attempts by telephone and junk mail.
    The program while is not an actual Computer Virus it is categorised as combination of Adware and Browser Hijacker because it may change internet settings by entrapping victims into third party terms that the internet user may not be aware of.

    EDIT :- Microsoft's Malware Protection Center defines it as Adware:Win32/AddLyrics

    Hope this helps

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...