1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. ISearch Mistyped URL Hijack Attempt

ISearch Mistyped URL Hijack Attempt

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects the spyware's URL hijacking attempts.

Additional Information

Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as a toolbar. It is a search hijacker that tracks user activity on a remote server on the isearch.com domain.

Spyware:
Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are: passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware, or from visiting a Web site that downloads the spyware with or without an End User License Agreement.

Adware:
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyberspace.

Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware, or from visiting a Web site that downloads the adware with or without an End User License Agreement.

Affected

  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Resource Kit
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server Japanese Edition
  • Microsoft Windows 2000 Terminal Services SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Workstation rev.2031, rev.2072, rev.2195, SP1, SP2, SP3
  • Microsoft Windows 95 Build 490.R6, j, SP1, SR2
  • Microsoft Windows 98 a, b, j, SP1
  • Microsoft Windows 98 With Plus! Pack
  • Microsoft Windows 98SE
  • Microsoft Windows CE 2.0, 3.0, 4.2
  • Microsoft Windows ME
  • Microsoft Windows NT 3.5, 3.5.1, 3.5.1 SP1, 3.5.1 SP2, 3.5.1 SP3, 3.5.1 SP4, 3.5.1 SP5, 3.5.1 SP5 alpha, 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP1 alpha, 4.0 SP2, 4.0 SP2 alpha, 4.0 SP3, 4.0 SP3 alpha, 4.0 SP4, 4.0 SP4 alpha, 4.0 SP5, 4.0 SP5 alpha, 4.0 SP6, 4.0 SP6 alpha, 4.0 SP6a, 4.0 SP6a alpha
  • Microsoft Windows NT 4.0 Option Pack
  • Microsoft Windows NT Enterprise Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Workstation 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows Server 2003 Datacenter Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP1, SP1 Beta 1
  • Microsoft Windows Vista beta
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Embedded SP1
  • Microsoft Windows XP Home SP1, SP2
  • Microsoft Windows XP Media Center Edition SP1, SP2
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1, SP2

Response

Use any good anti-spyware/anti-adware solution to remove the threat from the host. Also visit the Symantec Security Response Web site for more information and removal instructions.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube