Internet Explorer has a way for a website to add itself to the list of favorites. It’s a feature Microsoft added so that websites can have a button that says “Bookmark This Site! Just Click Here!”
Now, if that’s all that particular feature did, then there wouldn’t be any malware concerns over it. Unscrupulous programmers have taken advantage of it to create Home Page Hijackers.
In a nutshell, a Home Page Hijacker is a program that reaches into your browser and changes your homepage – without your permission. You might think, “That’s easy enough to fix, just change my homepage back and everything is fine.”
Unfortunately, the Hijacker won’t let you get away with that, thanks to a BHO, or Browser Helper Object.
The BHO is a chunk of code that gets added to the browser. It’s meant as a quick and easy expansion to the browser, but when malware programmers get their hands on it, it becomes something a lot more sinister.
A Homepage Hijacker will both change the homepage and bookmarks, and install a BHO. The “helpful” BHO has been programmed to make sure the homepage hijacker sticks around.
What this means is, every time the computer is rebooted, and/or every time the browser is started, the BHO kicks in for just a second.. It “restores” the bookmark file and homepage setting.
Homepage Hijackers, with their associated BHO modules, have been known to change the homepage, remove entries from bookmarks, add anywhere from one to hundreds of bookmarks, and even change the default search settings. This way, when a user misspells a web site address, instead of seeing the usual IE “I can’t find that” page, he sees an ad-covered search page.
At their worst, homepage hijackers force the user to go through their web sites and search engines to get to any site on the ‘net.