What happened to my browser?

If you’re like most of us you mainly use Google Chrome or Firefox to access your online tools, resources, and email. They’re both great browsers, but sometimes things seem to change on their own. You might open a new tab and see a strange new search engine, or start getting strange popups from websites you’ve previously visited but which aren’t currently open. More alarmingly, you might notice strange downloads happening you didn’t initiate, or your email tells you someone else is logged in from another location. What’s going on?

In many cases the answer is malware, but unlike the really nasty stuff that contaminates your computer, this variant lives entirely inside the Chrome web browser. This might seem innocuous, but considering how much of your personal, financial, and private information passing through the web it’s worth taking seriously if you think you might be “infected”.

Browser-based malware is a form of unwanted software that modifies a web browser’s settings without your permission. The usual result is the placement of unwanted advertising into the browser, and possibly the replacement of an existing home page or search page with a new page entirely. The idea is to make you visit certain websites whether you want to or not so the hijacker receives advertising revenue. Worse, browser hijackers and malware may also contain spyware to obtain banking information and other sensitive data.

How can I tell if I have browser-based malware?

Signs that your browser is hijacked by malware include:

  • searches that are redirected to different websites
  • multiple pop-up advertisements
  • strange new toolbars in the browser

Or if you see any pages referencing any of the following:

  • Ask Toolbar
  • GoSave
  • Coupon Server
  • CoolWebSearch
  • RocketTab

How did this happen?

Unfortunately what happens in your web browser is difficult for our Trend virus scanner to detect, as there are many extensions and Chrome apps that are entirely desirable and useful, and distinguishing between them and malicious variants is difficult. The good news is your browser is actually very secure, each tab you open is entirely separate from any other tab and they cannot cross contaminate each other (a technology called “sandboxing”). In all cases of browser malware, you must click a button to agree to install the extension or app before the infection can occur. Examples of these prompts look like this, and if you see one you almost certainly want to hit “Cancel”.

An example of a Chrome extension installation request


The dreaded Ask Toolbar malware

What do I do if I think my browser is infected?

It’s time to ask for some expert help! Log into our Self Service portal at https://kuhukuhu.waikato.ac.nz and look for the Software Assistance option. FIll in the form and a friendly IT consultant will get in touch. We can remove the problematic extension or app and give you some advice on how to stay safe online.

Nga Mihi,
ITS Service Operations