Beware of Trojan.Win32.StartPage.83 Tampering with Your Browser Homepage


   Recently, Baidu Antivirus Security Center has intercepted a version of a Trojan named Trojan.Win32.StartPage.83. This Trojan maliciously alters the user's browser homepage, and forcibly modifies the browser's shortcut on the computer's desktop. When the user opens the browser, it immediately displays a rather unpleasant website.  

   According to Baidu Antivirus security experts, Trojan.Win32.StartPage.83 primarily spreads through bundling with popular games, with cloud-based commands controlling the infected files. According to analysis, the Trojan's host program may have lurked in the user's computer for several months (one of the timestamps showed 2013-09-07 05:46:52). From the figure below, we can see that the Trojan first appeared on the 5th, after which the infection volume soared rapidly within a very short time. We also notice that the Trojan infection volume dropped to 0 on the 13th, leading to speculation that the Trojan's author may cancel the spread of Trojan.Win32.StartPage.83on that day using cloud-based commands.‍ 

   Security experts stressed thatTrojan.Win32.StartPage.83 targets all currently popular browsers and attempts to hijack the homepages of these browsers, including the search engines (we discovered samples of infected search engines from the cloud configuration files of the Trojan). It attempts to reap profits through these maliciously altered homepages.‍ 

   Baidu Antivirus security experts warned that because Google has achieved great success through enormous network traffic, some Trojans authors apparently also hope to obtain lucrative returns through network traffic, and maliciously tampering with users' homepages has become the most popular means of obtaining traffic. According to Baidu Antivirus security detection, it was discovered that the number of similar Trojans was on the rise, and users must regularly update their security software to avoid risks. Currently Baidu Antivirus users can prevent the Trojan.Win32.StartPage.83 from infecting their computers by simply enabling real-time protection. It is recommended that the other users download the latest version of Baidu Antivirus and enable the real-time protection feature. This will prevent Trojans from hijacking their browser homepages.