Fix your hijacked web browser

Browser hijacking is a type of online fraud. Scammers use malicious software (malware) to take control of your computer's Internet browser and change how and what it displays when you're surfing the web. If you are already a victim of a hijacked browser, the following instructions can help you free your browser from the hackers, restore browser settings, and boost browser security.

Help free your browser from hackers
Antivirus and antispyware software helps prevent and detect malware. If any malware does manage to bypass your firewall, antivirus and antispyware software will help remove that potentially dangerous software. If you have Windows 8 installed, antivirus software is included with the operating system. You are not required to do anything to set it up. If you are using earlier versions of Windows, Microsoft provides free antivirus software called Microsoft Security Essentials. Many of our partners also offer antivirus software.

Help restore your browser home page
If your home page keeps changing back to another page, this might be a sign that your computer is infected with a virus. After you have updated your computer with the latest antivirus software, restore your browser home page.

To change your home page in Internet Explorer 10
Internet Explorer 10 is the latest and most secure version of the Microsoft web browser.

Download Internet Explorer 10 to help protect your computer against viruses, fraud, ID theft, and other threats.
In Internet Explorer, navigate to the page that you want to make your home page.
Click the down arrow next to the Home icon on the Internet Explorer toolbar, and then click Add or change home page.
Click either Use this webpage as your only home page or Add this webpage to your home page tabs.

Help boost browser security by disabling add-ons
Many browser hijackings come from add-on software, also known as browser extensions, browser helper objects, or toolbars. These items can improve your experience on a website by providing multimedia or interactive content, such as animations. However, some add-on software can cause your computer to stop responding or display content that you don't want, such as pop-up ads. Internet Explorer 10 and Internet Explorer 9 warn you in the notification area of your browser if an add-on is slowing down your computer. You can also view the add-ons that you already have installed and disable the add-ons that you don't want by clicking the gear icon, and then clicking Manage add-ons.

Capturing your Bank Account by Accessing to SMS

According to Symantec Corp., mobile phone banking transactions are more vulnerable because of Android malware that eavesdrops on incoming SMS messages and forwards them to another SMS number or server. This sort of data leakage represents a significant risk, both to individuals and to organizations. The potential exists for attacks like these to target Internet banking services that send mobile transaction authentication numbers via SMS. Many banks send authentication codes to your phone via SMS each time you do an online transaction. This means that just stealing a login password is no longer enough for criminals to raid your account. But malware on your phone, such as the Zeus-based Andr/Zitmo (and similar versions targeting BlackBerry) are capable of intercepting those SMS messages.

Consider the following hypothetical scenario. Through a conventional phishing attack, a victim gives criminals sufficient information to allow them to sign in to your mobile banking account and also port your phone number (this has happened). They can now log in to your online bank account while also receiving an SMS containing the second-factor authentication token needed to complete a transaction. Through the use of a malicious Android app that harvests SMS messages in real time and in concert with a social engineering attack, attackers open a brief window of opportunity to steal this token and use it.

Fake Software, unauthorized SMS messages

Today, the most common business model for Android malware attacks is to install fake apps that secretly send expensive messages to premium rate SMS services. Recent examples have included phony versions of Angry Birds Space, Instagram, and fake Android antivirus products. In May 2012, UK’s mobile phone industry regulator discovered that 1,391 UK Android users had been stung by one of these scams.

The regulator fined the firm that operated the payment system involved, halted fund transfers, and demanded refunds for those who’d already paid. However, UK users represented only about 10% of this malware’s apparent victims it has been seen in at least 18 countries. Currently, one family of Android malware, Andr/Boxer, accounts for the largest number of Android malware samples we see, roughly one third of the total. Linked to .ru domains hosted in the Ukraine.

Andr/Boxer presents messages in Russian and has disproportionately attacked Eastern European Android users who visit sites where they’ve been promised photos of attractive women. When they arrive at these sites, users see a webpage that is carefully crafted to entice them to download and install a malicious app.
For example, the user might be prompted (in Russian) to install a fake update for products such as Opera or
Skype. Or, in some cases, a fake antivirus scan is run, reports false infections, and recommends the installation of a fake antivirus program. Once installed, the new app begins sending expensive SMS messages. Many of these Trojans install with what Android calls the INSTALL_PACKAGES permission. That means they can download and install additional malware in the future.