Spyware :: Threats :: Browser Hijackers :: URL Prefix Attacks

URL Prefix attacks

It's possible for a browser hijacker to change the default prefix appended to the url if one it not included. For example if I type in google.com. I expect my browser to add the http:// part automatically. This part is called the URL prefix, and its not fixed to http://. The prefix values are stored in the registry at;

HLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix HLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefix

For example, if I set change the default prefix from "http://" to "http://www.google.com/search?q=" it will now automatically go to google.com if I don't type the http:// part. As a test I changed the defaultprefix value and typed in "security.com" on my browser. Instead of trying http://www.security.com like you'd expect it's carried out a search of security.com on Google.com because the address was changed to;


Browser hijackers can make good use of this and use it in a similar way to which I demonstrated. Instead of querying Google it could query there own search engine. Serveral browser Hijackers have been known to do this.

Browser Hijackers : Further Info on Adoko
Further Information
Internet Reset Hijack (iereset.inf hijack)
Host Hijack
Adoko Forum - If you've been hijacked, and need any advice on how to remove it - try the adoko forum.

Browser Hijackers : Links
Internet Controller - A program from Adoko.com, you might find this useful for sorting out hijacking problems.
Hijackthis - A great program for sorting out hijacking problems.