Sunday, December 30, 2007's Browser Hijacker

"Business Hack," © fluca

Probably unknown to current management of the Generations Network (TGN) and new owners, Spectrum Equity Investors, they have inherited a problem that has affected many: something is sometimes hijacking browsers to

The Ancestry Insider suffers from the problem on his laptop. Frustrated to his fill, he's finally fixated on finding and fixing this problem.

Part 1: An Unholy Alliance

On my laptop, when I enter a non-existent domain, say, my browser is redirected to Over several years I've tried several respected malware scanners, trying to detect and fix this problem, including Spybot Search and Destroy, Ad-Aware Free and Norton AntiVirus. When I upgraded to Internet Explorer 7, the problem remained. When I downloaded and tried Firefox, the hijacking still occurred.

My investigation thus far has been unable to determine if this situation is an unhappy accidental alignment of technology settings or the last vestige of an unholy alliance the company made years ago with aggressive Internet marketer,

According to Beau Sharbrough in a 2004 article in the Ancestry Daily News,

Spyware is unwanted software, hidden on your computer. It might include the following:

--- Adware. These programs serve you popup ads. They might also send information to advertisers. One of the more insidious examples is Gator. They produce popup ads that don't come from the site you are visiting. For a fee, they will put up Ford ads on pages that have “Honda” on them.

Gator's adware technology was installed during the installation of some program offered for free in exchange for the permission to display advertising. Some of Gator's programs were eWallet, GotSmiley, Dashbar, Precision Time, Screenscenes and weatherscope. After installation, a user would be shown popup advertisements that matched their interests, which were inferred from the websites they visited. (Source)

Spyware legal expert, Benjamin Edelman, says,

Users who manage to read the [63-page Gator] license find surprising terms: Users must not run third-party tools (like Ad-Aware or Spybot) to remove Gator, and users must not investigate what personal information Gator tracks and sends.

Because the popups sometimes obscured the websites of competitors, and because Gator fought being described as "spyware", Gator and its software were involved in legal actions with or among: the Internet Advertising Bureau, Virtumundo, L.L. Bean, PriceGrabber, the New York Times, the Washington Post (among other media companies), Weight Watchers,,, Extended Stay America, Hertz, Lending Tree, Metrodate (representing a class of websites),, Quicken Loans, Six Continents Hotels, TigerDirect, UPS, Wells Fargo, Teleflora, Nordstrom's, JC Penney, Atkins, Gevalia, Interlinx ( and PC Pitstop. (Source)

Paul Allen

In 2004, Paul Allen, a former Ancestry executive, wrote a blog article titled "Gator files for IPO as Claria Corporation" in which he acknowledged the use of Gator's technology at

My team at used to advertise on Gator. It was cool to think that we could “gator” our competitors' web sites and pop-up our advertisement just as a web user was thinking of subscribing to, say, [a competitor at the time]. I don’t think this should be considered illegal. If an end user wants a Gator tool on their machine to monitor what they are doing and save them money by giving them competing offers or coupons just in time, what is wrong with that?

Allen shows a clear understanding of Gator's deceptive practices but still expresses admiration.

Gator [is] much hated in the industry by web site publishers and much beloved by aggressive Internet marketers. ... The numbers are amazing...

Gator has about 43 million customers that have downloaded one of their software applications, knowingly or unknowingly. These applications are mostly completely useless, but they get downloaded inadvertently...

Getting people to download software for free which stays resident and helps Claria make money is actually quite brilliant...

I think they are just taking advantage of the naivety of many web users...

I think Claria has some clever tactics and end users have been gullible.

Claria has since announced exiting the "adware" business, although its software remains on download sites and continues to be installed on computers. Claria also announced it has shut down the servers that supply popup advertisements to the Gator Advertising Network (GAIN).

List of Suspects

I admit Gator was my first suspect. But is it possible that, starved of responses from the GAIN ad servers, Gator's software degrades into default or unintentional behavior that causes or contributes to the mysterious browser redirects?

When I learned that even Mac users have been hijacked to, I knew it was time to start looking for another suspect.

Next time, we'll look at suspect 2: DNS poisoning.

1 comment:

  1. I use OpenDNS to help prevent things like this. It won't prevent everything, but it is great for most stuff and protects against a whole host of things only a n3rd would get. For the layman, it is a free way to protect yourself from phishing attacks. With free registration you can add objectionable content filtering too.


