Thanks Darren Bolton for a link to this news article.
Ron Zorko was only trying to get to PC World's web site. But when he accidentally mistyped the URL, a porn site popped up.
"I suppose I should learn to type better," he says. But a typo that took him to mycpworld.com was only the beginning of his troubles. He soon discovered that this porn site was now both his home and default search page. He changed the settings back in Internet Explorer. But with his next system boot, www.mycpworld.com was back.
"No matter what I did, that was my home page," he says. Zorko was one of three readers within two weeks to e-mail PC World's Answer Line address with a tale of a hijacked home page that renewed itself with every boot.
Several of these sites, including mycpworld.com, redirect you to a harder-to-trace foreign site. That one uses JavaScript to insert a new command into your Registry. This command runs at every boot, changing your home page.
PC consultant Rod Ream first saw this condition on a client's system in January. He believes it was made from the Js_exception.gen JavaScript Trojan Horse.
"It's a kit," intended for setting up such aggressive Web sites, Ream explains. "Webmasters can tailor this to do different manipulations." Whoever created the site, "picked some stuff that other people haven't chosen," Ream says.
News source: PCWorld - Invasion of the Browser Snatchers