Browser Hijacking

The Network: A bank serving multiple states on the U.S. East Coast, with an HQ and several dozen branch offices; 500+ servers and 2,000+ workstations.

The Expectation: Employee workstations are secured with brand-name, up-to-date antivirus (AV).

The Catch: The browser was hijacked by MapsGalaxy, a program that can replace the browser homepage with its own.

The Find: MapsGalaxy was installed without the user's knowledge, bundled with a third-party application. Once installed, it also added the MapsGalaxy toolbar, changed the browser homepage, and set the default search engine to Ask.com. The MapsGalaxy Toolbar is not a virus per se, but it does display plenty of malicious behaviors: it can act as a rootkit, with the capability to sneak deep into the operating system, hijack the browser, and ultimately interfere with the user experience.

The Fix: Uninstall the toolbar (quite persistent and sticky); clean up the workstations; run a deep scan.

The Lesson: When given the option to choose a custom or advanced installation, it is often possible to opt out of the bundled application install.
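Because the toolbar is persistent, it is worth re-checking workstations after the cleanup described under The Fix. The sketch below is an added example, not part of the original case study: it audits a browser-settings inventory for the three changes named under The Find. The inventory format, workstation names, and approved baseline are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed corporate baseline (hypothetical values for this example).
APPROVED_HOME_HOSTS = {"intranet.bank.example"}
APPROVED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
# Add-on name marker taken from the case study above.
UNWANTED_ADDON_MARKERS = ("mapsgalaxy",)

# Constructed inventory rows: workstation, homepage, default search URL, add-ons.
SAMPLE_INVENTORY = [
    ("WS-0101", "https://intranet.bank.example/start",
     "https://www.google.com/search?q=", ["Adobe PDF"]),
    ("WS-0102", "http://home.toolbar.example/?p=mg",
     "https://www.ask.com/web?q=", ["MapsGalaxy Toolbar"]),
    ("WS-0103", "intranet.bank.example", "https://www.ask.com/web?q=", []),
]

def host_of(url):
    """Return the lowercase hostname, tolerating values stored without a scheme."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the value as a network location
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def audit(row):
    """Return the list of findings for one workstation row."""
    _, homepage, search, addons = row
    findings = []
    if host_of(homepage) not in APPROVED_HOME_HOSTS:
        findings.append(f"homepage changed: {host_of(homepage)}")
    if host_of(search) not in APPROVED_SEARCH_HOSTS:
        findings.append(f"default search changed: {host_of(search)}")
    for name in addons:
        if any(marker in name.lower() for marker in UNWANTED_ADDON_MARKERS):
            findings.append(f"unwanted add-on: {name}")
    return findings

def audit_fleet(inventory):
    """Map workstation name -> findings, omitting clean machines."""
    report = {}
    for row in inventory:
        findings = audit(row)
        if findings:
            report[row[0]] = findings
    return report

if __name__ == "__main__":
    for workstation, findings in audit_fleet(SAMPLE_INVENTORY).items():
        print(workstation, "; ".join(findings))
```

WS-0103 shows why the check looks at each setting separately: the homepage and add-on list are clean, but the search engine change survived, which is the kind of leftover a partial uninstall leaves behind.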