Some browser hijackers also contain spyware, for example, some install a software keylogger to gather information such as banking and e-mail authentication details.
Email attachments and files downloaded through suspicious websites and torrents are common tactics that browser hijackers use.
[citation needed] Some rogue security software will also hijack the start page, generally displaying a message such as "WARNING!
Programs such as WinFixer are known to hijack the user's start page and redirect it to another website.
If a user mistypes the name of a website then the DNS will return a Non-Existent Domain (NXDOMAIN) response.
[7] A number of hijackers change the browser homepage, display adverts, and/or set the default search engine; these include Astromenda (www.astromenda.com);[8][9][10] Ask Toolbar (ask.com); ESurf (esurf.biz) Binkiland (binkiland.com); Delta and Claro; Dregol;[11] Jamenize; Mindspark; Groovorio; Sweet Page; Mazy Search; Pensirot; Search Protect by Conduit along with search.conduit.com and variants; Tuvaro; Spigot; en.4yendex.com; Yahoo; etc.
It displays advertisements, sponsored links, and spurious paid search results.
[12] In 2011, the CNet site Download.com started bundling the Babylon Toolbar with open-source packages such as Nmap.
Gordon Lyon, the developer of Nmap, was upset over the way users of his software were tricked into using the toolbar.
This toolbar has been identified as Potentially Unwanted Programs (PUPs) by Malwarebytes[16] and is typically bundled with free downloads.
[19] Conduit is associated with malware, spyware, and adware, as victims of this hijacker have reported unwanted pop-ups and embedded in-text advertisements, on sites without ads.
Some victims claim that the callers claimed to be Apple, Microsoft, or their ISP, and are told that personal information was used in some phone calls, and that some of the calls concerned their browsing habits and recent browsing history.
Due to this, affected users are not aware that the hijacker has infected their Internet Explorer, Google Chrome or Mozilla Firefox browsers.
Snap.Do also can download many malicious toolbars, add-ons, and plug-ins like DVDVideoSoftTB, General Crawler, and Save Valet.
General Crawler, installed by Snap.do, has been known to use a backdoor process because it re-installs and re-enables itself every time an affected user removes it through their browser(s).
[26] One particular one changes the browser settings of Firefox, Chrome and Internet Explorer to show the website "istartsurf.com" as the homepage.
[32] It can be found when installing "Cheat Engine" or a different version of "VLC Player" on www.oldapps.com, or when downloading applications from certain freeware sites, such as Softonic.com or Download.com.
Trovi formerly used its own website to show search results with the logo at the top left hand corner of the page but later switched to Bing in attempt to fool users more easily.