The simple yet insidious advancements of Malware

Here’s the story:

You’ve been going to the gym because you want to stay in shape.  In fact, you’ve recognized that a good workout isn’t sufficient so you’ve made a resolution to not only exercise but to eat well too.

But it’s freggin’ hard right?

It’s hard to forego the delicious burgers, the crunchy Doritos, the cool ice cream bars and the sweet candy corn (especially as we approach Halloween) but you know in the long run abstaining from junk will improve your health and happiness.

Well, one Saturday morning after a satisfying workout, you return to your home office, flip open the laptop lid and spot an email from a trusted college buddy…

Over the past week or so your computer has been running kind of slow so you emailed your tech genius friend John who said you should try downloading Auslogics DiskDefrag.  He claims it sped up his computer and that it would probably do the same for you.

You know a little bit about tech but you trust his opinion over yours.

After all, he’s been VP of Technology of some swanky hedge fund in New York City for almost a decade now so he probably knows a thing or two about basic computer maintenance.

You quickly head over to Google and end up at the software maker’s homepage.

Ahh where is this thing?

After poking around the site for a few minutes you find the program.

Suddenly you feel something warm and furry brushing up against your feet.  Startled, you glance below your desk and see your girlfriend’s selfish cat trying to solicit your attention.

You hate cats but figure you’ll oblige the cat’s benign request for some attention.  As you begin petting the cat, it closes its eyes and releases a low, gurgling purr.

Okay, maybe this cat isn’t so bad

Chime!

The unexpected noise swivels your focus to your computer.  It looks like Windows needs your permission to install the disk defrag thingy.

Okay, I’ve been through these, blah blah blah, I’ll just click next all the way through.

Unfortunately your impetuous decision to click Next without reading the prompts causes you to unwittingly opt-in to a weird bitable.com agreement.

This is what it said:

Want to open your favorite websites in one click?  Set Bitable.com as the home page in your web browsers and have all your favorite websites at your fingertips every time you start your browsing sessions.  Any open web browsers will be closed once you click Continue.

Auslogics Disk Defrag installing the Bitable.com malware

This was obviously a mistake because now:

  • The homepage on all your browsers is going to be hijacked by some site called bitable.com
  • You were fooled by the chicanery of the installer

Most people aren’t expecting installers to smuggle unwanted programs during the installation phase.  It’s pretty messed up that these guys do this but it happens and that’s why you need to be alert.

So what happens next?

Let’s take Chrome for example.

If you click the homepage button it’ll still launch the default, which is Google.com, but every time you launch the browser it somehow knows to use bitable.com.

Say hi to bitable.com - it's your new homepage

This is why this particular malware is simple yet insidious.

If you go to the homepage settings

chrome://settings

You’ll see that everything looks fine and dandy, so why is Chrome using the Bitable.com homepage instead of the defaults that are configured?

A simple malware advancement

Go ahead and right click the browser shortcut on your Desktop and visit Properties.

Google Chrome shortcut properties

Now hit the Shortcut tab.

You’ll notice that the bitable.com homepage is appended to the end of the chrome.exe executable path.

Google Chrome Shortcut Target Manipulation

This is why neither resetting your browser settings nor tinkering with your homepage config will work.  You have to actually delete the “http://bitable.com/” URL from the target path to remove the problem.
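The manual check above can be repeated across every shortcut on the machine. The script below is an added example, not part of the original post: it lists browser shortcuts whose Target carries a bare URL argument. The browser list, the folder list and the `-Fix` switch are assumptions of this example.

```powershell
# Added example: audit browser shortcuts for a URL smuggled into the Target field.
# Report-only by default; -Fix (hypothetical switch of this script) strips the URL.
param([switch]$Fix)

# Assumed browser list; extend for other browsers.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'

# A bare URL passed as its own argument, e.g.  chrome.exe http://bitable.com/
# Switches such as --app=https://... are deliberately not matched.
$urlArg = '(^|\s)"?(https?://|www\.)[^\s"]+"?'

# Desktop, Start Menu and taskbar pins (under Quick Launch\User Pinned).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell
$links = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue

$findings = foreach ($lnk in $links) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    if (-not $sc.TargetPath) { continue }
    if ($browsers -notcontains (Split-Path $sc.TargetPath -Leaf)) { continue }
    if ($sc.Arguments -notmatch $urlArg) { continue }

    [pscustomobject]@{
        Shortcut  = $lnk.FullName
        Target    = $sc.TargetPath
        Arguments = $sc.Arguments     # the appended URL shows up here
        ReadOnly  = $lnk.IsReadOnly
    }

    if ($Fix) {
        # Remove only the URL token and keep any legitimate switches.
        if ($lnk.IsReadOnly) { $lnk.IsReadOnly = $false }
        $sc.Arguments = ($sc.Arguments -replace $urlArg, ' ').Trim()
        $sc.Save()
    }
}

$findings | Format-List
```

Run it without `-Fix` first and review the output; shortcuts in the all-users folders need an elevated prompt to be modified.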

The Bottom Line

Malware is becoming more sophisticated.  And although hijacking a browser isn’t necessarily complex, it’s effective because it’s so sneaky.

Always pay attention to each and every setup screen.  We can’t be oblivious to stuff like this because there are people who want to exploit our carelessness and profit from it.  I don’t want you to be a victim of the reprobates who do this.  Has this happened to you?

Have you ever discovered that your homepage was altered without your permission?  Tell me about it in the comments!

About

Connect with Vonnie on Twitter

  • Amsa Kayo

    This once happened to me by this thing called Orbitum. It literally asked me “are you sure”; me being an idiot, I said yes, so it installed a whole new browser and made it open every time I open the computer. I went into safe mode to remove it but it took me some time to find the file.

    • Hi Amsa, I’ve never heard of Orbitum but now I’ll keep my eye on it. This is the thing that really pisses me off. Software vendors are condoning malware by smuggling shitware in their applications.

      You weren’t being an idiot; you were being HUMAN.

      Most people don’t read this sort of thing because they inherently trust software makers to be honest with them. We trust them to keep us safe but they are proving over and over again that they can’t be trusted.

      I’m so sorry that you had to waste what was probably hours on hunting down the stupid file and removing it. I almost feel like big companies feel like they’ve covered their bases by adding that little “are you sure” message in there. That way they can say, “Hey, we warned Amsa!” But my point is that it should never be there in the first place!

      How would the product manager feel when his daughter’s computer needs antivirus protection and he immediately visits download.com to install it but then discovers he unwittingly installed an entire suite of junkware applications that rendered her computer more useless than it was before he touched it!

      Ahhh… so frustrating. Thanks for sharing though

  • kill liars

    Indifference & Apathy are the best allies of malware

    The lemming hordes of android users casually tolerate into existence more malware of the adware variety

    if an app shows third party ads it is NOT-FREE by construction. The unacceptable COST is privacy rape.

  • kill liars

    Dear prospective sucker:

    did you READ the ENTIRE text before agreeing by clicking next?

    did you do any investigating on the interweb before downloading binary?

    what security operates on your locally upstream device?

  • David Leigh

    My 2-cents worth:
    – When I can I choose to download only from the original developer’s site
    – Otherwise I try and pick a site that typically plays nice. That used to be FileHippo and sometimes MajorGeeks. Both of those are less reputable now, though. ;c(

  • Reverse IP tracker.

    Ok the way to Prevent this is go to your pinned Browsers as she aforementioned. BUT complete this last STEP. While I hide and exchange another ICON for the IE and Chrome browser links, it’s not necessary for others. But DO SET YOUR SHORTCUT link to READ ONLY. THEN this can “NEVER” Happen .. With Respect I helped create Widows 1971-81 with Bill in DOS days and at this old age desire to freely give away knowledge. Dj¸.•°*”˜˜”*°•.✫(©‿©™¸„ø¤º°¨ Ziggy.42o ®™

  • Reverse IP tracker.

    Also The World`s Oldest DJ ..lol .. Dj ¸.•°”˜˜”°•. 0♥‿◕0¸„ø¤º°¨ Ziggy.42o ©™

  • Reverse IP tracker.

    Here`s a look at my Computer ,, rather Dj Ziggy.42o ©™ context menu.
    I have created a System in the development for over 34 years and will offer it as Widows 12 or
    Dj Ziggy.42o ©™ System to Alienware or perhaps HP. Everything is in the right place. All that would ever be needed is to update your drivers and updates. Speaking of updates have a look at how I created this DOS to actively clear the updates catalog, keep the existing updates and let windows updates refresh the listing WITHOUT Failures. Boy do I hate Failures. Must be from my Career in the Military. Retired in 1984. Never had any input with Microsoft windows 95 but in everyone else. I’m in their behind the scenes. So have a look. When I have more time I’ll teach some more .. Enjoy the class .. Dj ¨°º¤ø„¸ (†‿ő .•°*”˜ Ziggy.42o ©™