Malware PUP that can replace a web browser

September 2, 2016 Eric News, Software Problems, Windows XP/Vista/7/8.1/10 Problems 0

Malware PUP that can replace  a web browser with a fake copy

The users of Windows computers should be aware that malware exists that can replace a web browser with a functioning imposter that looks and behaves like the real thing.

Since Windows Vista, a feature called User Account Control (UAC) requires user permission to install any software, including malware. Many users find it intrusive and disable it.

Not a good idea. You should always look closely at what is requesting permission to install before granting it. If necessary, if you are not installing anything and the software requesting permission to install is named by UAC, look it up on the web and deny it permission.

Even malware that is capable of replacing an entire web browser still can’t install unless it is given permission by the user in Windows Vista, 7, 8.1 and 10. Windows XP Professional also provides an early version of UAC that does not have a name but which requires user permission to install software.

User Access Control (UAC) settings in Windows 10
User Access Control (UAC) settings in Windows 10. Click on the image to view its full size

Check Windows file associations to make sure that legitimate software is set to use them

Malware called eFast, classified as a Potentially Unwanted Program (PUP) that came to light in October 2015, is the first that can impersonate a web browser. It replaces the open-source Google Chrome web browser and takes over the Windows File Associations. Windows associates file types, such as gif, png and jpg image files, html and htm webpage files and pdf document files, with the software that uses it.

For example, when the user installs the free Foxit PDF reader, Foxit is set to open PDF documents. If eFast is allowed to install, it takes over all of the most important file types, including email file types.

To check or change the file associations In Windows 10, that is, check or set the programs that run file types, follow this click path: Start => Control Panel => Programs => Default Programs.

Web search for Change file associations in Windows, adding your version of Windows, to find out how to set the default programs that run specific file types. The settings are all in slightly different places in the Control Panel.

Open-source web browsers are the most vulnerable to malware/adware takeovers

Any developer can develop open-source software. The source code is freely available. This is no doubt why the Chrome browser is the victim of eFast.  Several legitimate developers have produced their own versions of Chrome, such as the free Comodo Dragon browser. The Internet Explorer, Edge, Firefox and Opera web browsers are examples of browsers that are proprietary, which means that their source code is not freely available to any developer.

For example, none of Microsoft’s software can legally be developed by third-party developers. Malware developers would therefore find it impossible to replace proprietary browsers without screwing Windows and the proprietary web browsers up very noticeably. Therefore, Chrome and its offshoots and other open-source-based browsers are always going to be targeted to deliver PUPs, malware/adware that can replace a web browser.

The following webpage from Malwarebytes, the malware scanner, provides more detailed technical details of the eFast PUP.

https://blog.malwarebytes.com/cybercrime/2015/10/efast-browser-hijacks-file-associations/

About Eric 275 Articles
I am an experienced PC technician who has been the owner and sole writer of the PC Buyer Beware! website since 2004. I am learning all the time in this very dynamic, ever-changing field.