|Type||Browser Hijacker, PUP|
|Short Description||The redirect can change the homepage, search engine and new tab on each browser installed on the compromised machine.|
|Symptoms||Depending on the exact redirect configuration, different behaviour patterns can occur, including user redirection and malware infections.|
|Distribution Method||Freeware Installations, Bundled Packages|
Defend Search Redirect – Distribution
Browser hijackers like the Defend Search redirect can be distributed using different methods. Depending on the intended scope of infections and the target users, the criminals behind it can utilize different strategies. A common method is the coordination of email spam messages, which are usually made by following pre-existing templates. The hackers employ social engineering tricks that attempt to blackmail the users into getting infected. There are several types of messages that can be made:
- Hyperlinks — The hackers can use links to redirect the users to a site hosting the Defend Search redirect infections. The links can be masked as password reset notifications, services, etc.
- File Attachments — The hacker operators can directly attach the virus files to the messages. Usually they are disguised as software installers.
- Infected Documents — Computer criminals can embed malware code in different types of documents: rich text documents, spreadsheets and presentations. As soon as they are opened, a notification prompt appears which asks the victims to run the embedded scripts (macros). Once this is done, the virus is downloaded from a remote server and executed on the infected systems.
Another technique bundles the malware code into software installers. The criminals usually obtain the installers from their official sources and then spread the malware software packages to hacker-operated sites and file sharing apps like BitTorrent. In some cases the computer users may be able to disable the infections by unchecking certain options. The malware sites can also use various web scripts such as redirects, pop-ups and banners.
Defend Search Redirect – In Detail
The Defend Search redirect can impose a variety of malware activity on the targets depending on the preliminary hacker configuration. Usually the attacks begin with the basic browser changes. The criminals modify the default search engine, new tabs page and home page in order to redirect the victims to the malware site. The programmers tend to make the code compatible with the most popular applications: Mozilla Firefox, Google Chrome, Opera, Safari, Internet Explorer and Microsoft Edge.
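To check a browser profile for the homepage and search engine changes described above, the settings can be read from the profile files and compared against hosts the user expects. The following is an added example, not code from the original article: it assumes Chromium's JSON preferences file (keys `homepage`, `session.startup_urls`, `default_search_provider_data`) and Firefox's `prefs.js` (`browser.startup.homepage`). The allowlist and the host `search.hijacker.example` are constructed placeholders.

```python
import json
import re
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.google.com", "duckduckgo.com"}  # assumed user allowlist
FIREFOX_PREF = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')
FIREFOX_KEYS = {"browser.startup.homepage"}

# Constructed samples; search.hijacker.example is a placeholder host.
SAMPLE_CHROME = json.dumps({
    "homepage": "https://search.hijacker.example/",
    "session": {"startup_urls": ["https://www.google.com/"]},
    "default_search_provider_data": {"template_url_data": {
        "url": "https://search.hijacker.example/?q={searchTerms}"}},
})
SAMPLE_FIREFOX = (
    'user_pref("browser.startup.homepage", '
    '"https://search.hijacker.example/|https://duckduckgo.com/");\n'
    'user_pref("browser.startup.page", 1);\n'
)


def host_of(url):
    """Host of an http(s) URL; None for about:, chrome:// and templates."""
    parsed = urlparse(url)
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def chrome_settings(text):
    """(setting, url) pairs from a Chromium preferences JSON document."""
    prefs = json.loads(text)
    pairs = [("homepage", prefs.get("homepage", ""))]
    pairs += [("startup_url", u) for u in prefs.get("session", {}).get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    pairs.append(("search_engine", search.get("url", "")))
    return pairs


def firefox_settings(text):
    """(pref name, url) pairs from prefs.js; the homepage may hold several URLs."""
    return [(name, url) for name, value in FIREFOX_PREF.findall(text)
            if name in FIREFOX_KEYS for url in value.split("|")]


def audit(pairs, allowed=ALLOWED_HOSTS):
    """Settings that point at a web host outside the allowlist."""
    return [(s, host_of(u)) for s, u in pairs
            if host_of(u) is not None and host_of(u) not in allowed]
```

Running `audit(chrome_settings(...))` on the text of a real profile file lists each setting that points outside the allowlist. On Windows, Chromium may keep these values in the tamper-protected `Secure Preferences` file instead, which uses the same JSON layout.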
When the infection has completed, the victims will find that every time they open their browser the Defend Search malware home page will be displayed. At the same time, tracking cookies will be placed in the applications to track the victims' every site interaction. The bulk of the harvested information is relayed in real time to the hacker operators.
As the Defend Search redirect infections happen through the web browsers the computer criminals can access data stored in them. This includes the following: form data, bookmarks, history, preferences, passwords and account credentials.
In many cases redirects such as this one are operated as part of a larger network of connected sites that all pool the data and cross-reference it in order to create a complete profile of the targets. The extracted data falls into two categories:
- Anonymous Metrics — Such data creates a complete profile of the installed hardware components and software. This information is used for statistical purposes.
- Personally-identifiable Information — This batch of information can directly expose the users' identity. Example data includes names, addresses, phone numbers, nicknames, etc.
If used in conjunction with an advanced infection tactic, the Defend Search redirect can be used to deliver additional threats to the victims. This effectively makes the hijacker a step in the multi-stage delivery of various malware. Examples include ransomware and Trojans.
During the security investigation the experts discovered that the modular framework can allow for a malware server connection. Using it the hackers can institute a Trojan component that allows them to view the users' desktop at any given time. They can also take over control of the victim machines at any given time.
The Defend Search redirect home page is designed using a template that copies the way legitimate services are made. It is comprised of a top menu bar that holds several interactive elements.
A logo image is placed on the far left, next to it is the search engine box itself and underneath it are search type buttons. On the right the users can view the Login, Photos and Gmail shortcuts. By the looks of it the Defend Search redirect is a customized Google search instance.
The users may be fooled into thinking that it is safe to use the service; however, in many cases the results can be altered to include sponsored or affiliate links.
How to Remove Defend Search Redirect
The detailed guide below shows how to remove the Defend Search redirect from all affected browsers and from the PC. In some cases, manual removal may not be enough to completely eliminate the hijacker, so be advised to run a scan with an advanced anti-malware tool. It will locate all leftovers so you can easily delete them with a few mouse clicks. Furthermore, an active anti-malware tool on the system guarantees its protection from future malware infections.