Browser Proxy Server Settings Hijacked and Locked by Malicious WebSearcher

Just about every day, some new form of malware makes it into the limelight because of the aggressive way it attacks vulnerable computers around the world. Today, the malware that has garnered the attention of many is a Potentially Unwanted Program (PUP) dubbed WebSearcher.

Security researchers from Malwarebytes have outed the WebSearcher PUP for secretly taking over a computer's proxy server settings, which are used by web browser applications. The operation of the WebSearcher PUP eventually interferes with the ability of the Google Chrome, Internet Explorer and Firefox web browsers to change the proxy server settings for a proper and secure internet connection.

When we first discovered WebSearcher, we found it to be an extremely annoying component that usually loads when you attempt to surf the Internet using any popular web browser application. After further investigation and a review of Malwarebytes' findings on WebSearcher, it is apparent that the malware threat is unique in its ability to change proxy server settings inside browsers using registry keys and other clever methods.

In the past, common adware threats and browser hijackers have changed proxy server settings through the settings panel within web browsers. By taking a higher road, if you will, and changing the proxy settings via the Windows registry, WebSearcher appears to lock the settings in and prevent users from reverting them to normal.

Boasting aggressive changes to your internet settings, WebSearcher PUP must be removed in order to restore your settings and normal internet access. The abuse conducted by WebSearcher is known to manipulate the Fiddler Web debugging toolkit, which is often used by security researchers to debug malware behavior. Fundamentally, WebSearcher is able to abuse the "DO_NOT_TRUST_FiddlerRoot" root certificate, which is a method for the malware to take hold of proxy settings and evade common methods for debugging or resolving a proxy setting issue.

Many experienced computer users will attempt to rectify issues with potentially unwanted programs or common adware threats that have been installed on their system. Most often, when such an application manipulates internet access by changing proxy settings, the fix is simply to open the Windows system's Internet Options and revert the proxy settings to the default selection. However, because WebSearcher changes the setting through a registry entry, the setting cannot be manually changed until WebSearcher is completely removed.
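A read-only PowerShell check for the two symptoms described above, a proxy setting held in the registry and a trusted "DO_NOT_TRUST_FiddlerRoot" root certificate, is shown here as an added example that comes neither from the original article nor from Malwarebytes. The registry paths are the standard Windows locations for proxy settings and for the policy that disables the proxy controls; they are an assumption, since the article does not name the keys WebSearcher writes.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: these are the standard Windows (WinINET / policy) locations,
# not the specific keys reported for WebSearcher.
$settingKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$settingNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL', 'ProxySettingsPerUser'

# Policy value "Proxy" = 1 greys out the proxy controls in Internet Options.
$lockKeys = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'
)

function Get-RegistryValue {
    param([string[]]$Keys, [string[]]$Names)
    foreach ($key in $Keys) {
        # Missing keys are skipped silently; absence is the normal case.
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in $Names) {
            if ($props.PSObject.Properties.Name -contains $name) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $props.$name }
            }
        }
    }
}

$proxy = @(Get-RegistryValue -Keys $settingKeys -Names $settingNames)
$locks = @(Get-RegistryValue -Keys $lockKeys -Names 'Proxy' | Where-Object { $_.Value -eq 1 })

# Root certificates whose subject names the Fiddler root mentioned in the article.
$certs = @(Get-ChildItem -Path Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*DO_NOT_TRUST_FiddlerRoot*' } |
    Select-Object @{ n = 'Store'; e = { $_.PSParentPath -replace '^.*::' } }, Subject, Thumbprint, NotAfter)

'--- Proxy-related registry values ---'; $proxy | Format-Table -AutoSize -Wrap
'--- Policy locks on the proxy UI ---';  $locks | Format-Table -AutoSize -Wrap
'--- Fiddler root certificates ---';     $certs | Format-List

if ($locks.Count -or $certs.Count) {
    Write-Warning 'Proxy settings are policy-locked and/or a Fiddler root certificate is trusted; investigate before editing settings by hand.'
}
```

A Fiddler root certificate is expected on a machine where Fiddler was deliberately installed for HTTPS debugging; on any other machine it deserves a closer look.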