Spigot browser hijackers
There is a large family of Spigot browser hijackers that all have a lot in common. So by giving you a description of them we hope this will help you to avoid any similar and new ones that might come along.
Targeted browsers
For some, but not all browser hijackers in this family there are extensions for Firefox and Google Chrome. In Internet Explorer they change the default Search Provider and the startpage. Trying to install the PUP on Edge will get you nothing but an “Unsupported Browser” notice.
Recognizing the sites
The websites where these hijackers can be downloaded will show you the EULA —
–explaining to you, “the User”, what the downside of installing “the Software” might be.
The Software is a free desktop application that offers you direct links to websites from your new preferred homepage and saves your new preferred home page and/or new tab page. When we set your Browser’s settings using the Software, they will be saved automatically on Chrome™, Firefox®, and Internet Explorer®. As part of the installation process of the Software, we may change your Internet Browser settings and/or provide you with the ability to opt to make changes to your Internet Browser settings.
Download locations
Downloads typically come from proinstall-download[dot]com or report-download[dot]com (both blocked by our Web Protection module). Both of these domains are registered with GoDaddy (no surprise there!). The download location changed not too long ago.
It used to be secure[dot]fileldr08[dot]com and from the screenshot above you can see why we categorized these browser hijackers as PUP.Optional.Spigot. Worth noting is that after they switched away from the above download location, I was unable to install the extensions on Google Chrome. It failed to download and offer the extension. But this got fixed after a few weeks.
The startpage
The new startpage for the affected browser is a typical search page with a toolbar and some shortcuts, pointing to sites where you can find the information or functionality that the hijacker promised to provide, supplemented by local weather and social media links.
Installation guidance
Another typical behavior, that these hijackers copied from the likes of Mindspark, is the right in your face installation guidance with huge green arrows pointing out what your next step should be.
Removal guides
You can find some examples among the removal guides on our forums:
Summary
Spigot browser hijackers of this family are easy to recognize and in our opinion hardly worth installing because they add no more functionality than a few bookmarks. We hope this post helps you to avoid them in the future.
As always: Save yourself the hassle and get protected.
Pieter Arntz