Browser Hijackings

Andrew Mutch amutch at
Thu Jun 21 09:20:49 EDT 2001

Just in the past day or two, I've had a rash of staff and public
browsers that appear to have been victims of browser hijacking.  When a
user tries to browse to an invalid domain, they are redirected to this

I've found that visiting sites related to this one will prompt, in IE,
for you to reset your home page, which seems to be part of the process.
However, even after changing the home page back to your original home
page, "bad" domains will continue to redirect you to the "bigred" site.
I've checked for the usual suspects such as proxy settings changed in
Internet Explorer but I didn't find anything there.  I suspect there may
be some "spyware" that is being downloaded and is causing this strange
browser behavior but I haven't been able to pin it down to one
particular site or "spyware" company.  I did some searching last night
but didn't encounter anything related to "bigred".

Has anyone else encountered this behavior or had problems relating to
this particular site?  I will be doing more scanning with the Ad-Aware
freeware to see if I can detect any "spyware" on our machines but any
other leads would be appreciated!

Thank you,

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI

More information about the Web4lib mailing list