A
Al Becker
There are a number of Web sites that set the IE default home page
without asking the user for permission.... HOW do they do it?
http://www.passthison.com used to do it up until a few days ago. A few
years ago, they even managed to plant a .hta file into the user's
Startup folder, causing the home page to be re-set at every start up.
Sanford Wallace, the site's owner, was even investigated by the FBI
for this. See this article from 2001:
http://zdnet.com.com/2100-11-528428.html?legacy=zdnn
Same goes for the default search engine when the Search button is
clicked. Some sites have found a way to change that property too and
implant a spy redirect url that monitors all searches.
Unfortunately I don't have a good example URL right now because
passthison.com seems to have turned that feature off right now but if
you surf enough random porn or warez sites, or domains that have been
cybersquatted (i.e. the original owner let it expire and some "search
engine" company grabbed it for the residiual traffic), it'll happen to
your browser sooner or later. ;-)
Most registry keys modified by these sites are here:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\*
Just ***HOW*** do they do it????????? Pisses me off!! I want to create
an antispy tool that automatically guards these registry keys, but I
need to know how they get modified without the user's permission in
the first place.
Thanks for any help you can give. If you know the answer and feel
uncomfortable posting such potentially dangerous information in
public, please email me directly
Thanks - Nick
without asking the user for permission.... HOW do they do it?
http://www.passthison.com used to do it up until a few days ago. A few
years ago, they even managed to plant a .hta file into the user's
Startup folder, causing the home page to be re-set at every start up.
Sanford Wallace, the site's owner, was even investigated by the FBI
for this. See this article from 2001:
http://zdnet.com.com/2100-11-528428.html?legacy=zdnn
Same goes for the default search engine when the Search button is
clicked. Some sites have found a way to change that property too and
implant a spy redirect url that monitors all searches.
Unfortunately I don't have a good example URL right now because
passthison.com seems to have turned that feature off right now but if
you surf enough random porn or warez sites, or domains that have been
cybersquatted (i.e. the original owner let it expire and some "search
engine" company grabbed it for the residiual traffic), it'll happen to
your browser sooner or later. ;-)
Most registry keys modified by these sites are here:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\*
Just ***HOW*** do they do it????????? Pisses me off!! I want to create
an antispy tool that automatically guards these registry keys, but I
need to know how they get modified without the user's permission in
the first place.
Thanks for any help you can give. If you know the answer and feel
uncomfortable posting such potentially dangerous information in
public, please email me directly
Thanks - Nick