Introduction
The continued growth of the Internet and online advertising has created an appealing medium through which fraudsters distribute malware and perpetrate a wide range of malicious activities. Over the past six months, Anchor Intelligence has identified a surge in browser hijacking attacks perpetrated through online advertising campaigns. These compromised ads, found on various ad networks and search engines, have been traced to schemes designed to defraud unsuspecting users by capturing their credit card information and account passwords, forcing ad clicks without users’ consent, and manipulating personal data such as cookies.
By targeting the browser, a user’s primary gateway to the Internet, browser-hijacking malware has emerged as one of the most powerful and dangerous online exploits. The hijacker is an uninvited guest, which sits dormant in the background of the user’s experience, looking over her shoulder to log each keystroke as she enters her bank password, redirect her to malicious websites when she expects to see search results pages, or simply leverage her browser to make http requests unbeknownst to her.
In response to the explosion of browser hijacking exploits identified across its network, Anchor Intelligence is issuing “The Uninvited Guest: A Browser Hijacking Experience, Dissected” to educate end users, ad buyers, and ad sellers about how to recognize and avoid common tactics used by fraudsters to compromise their systems. Section I of the report provides background on browser hijacking and describes infection vectors, payloads, and attacks. Section II breaks down the infection experience of a clean browser and shows exactly what happens once that browser has been hijacked. The browser hijacking experience dissected in this Report is launched from a site: clean_pc_now.biz (“_” characters have been used to replace “-“ in order to avoid accidental redirects to the malicious site). Section III provides tips and trends to help readers avoid browser hijacking in the future.
To view all sections of the report please use this link – Browser Hijacking Report - .
