You will occasionally come across a site that pops up a window and asks you if you want to make that site your home page. This means that site will be automatically loaded each time you start your browser, as well as every time you open a new window. That method at least is open about what it is about to do if you click 'Yes'.
A tactic used by the lowest of the truly desperate of webmaster spammers is to obscure the question "Do you want to make this your home page?" in the dialog box with paragraphs of legalese-style text to the effect of "Adult content. Are you over 18?", to which most people obviously will click 'Yes' or 'OK'. Only later do they realize they have just had their browser's home page changed to a spammer's page, which usually earns the dick a penny for redirects or exit traps for every new browser window you open. The spammers also take advantage of the fact that some surfers aren't aware of how to change it back and so just leave it set to the spammer's page. Should you find your home page hijacked, and aren't sure how to change it back, follow this procedure (for Microsoft Internet Explorer):
1/ Click Tools -> Internet Options (see 'Update 2' below if you get a warning which prevents access to these options)
2/ If you just want a blank page (my
preferred option) click Use
Blank
3/ If you prefer a particular website to load whenever you open a browser window
then first go to that site, then follow step 1 again and click Use Current
4/ Click OK
Some webmaster spammers also use the
'"Are you over 18?" method described above to secretly insert their
page into your favorites list. Disabling Java scripting will prevent both these
tricks. See the section 'A simple way to protect yourself' at the main menu
for details on how to do this.
Update 1
A far more sinister method
If you use versions 4.0 to 5.5 of Internet Explorer you are vulnerable to a
devious method, discovered and published by George Guninski, of having your
home (start) and search pages hijacked, as well the possibility of having any
number of junk bookmarks added to your Favorites list. Depending on your security
settings, this can happen entirely without your permission and without any prior
warning.
If you have both Javascript and ActiveX enabled, the malicious website can cause
your browser to load a Java applet which, by accessing an ActiveX control, modifies
your home/search page settings directly
in the registry.
This means even if you change them back to their previous settings through Explorer,
the spammer's settings will be restored when you reboot or restart.
Disabling Javascript and ActiveX will prevent this particular scam.
If you find your home/search page preferences changed each time you reboot,
then you are likely to have had your registry hacked by this method. To undo
the rogue website's actions, follow this procedure:
Note - follow
this procedure very carefully, as editing the
wrong settings can cause problems!
1/ Click Start
-> Run
2/ Type in c:\windows\regedit (assuming your Windows is installed in C: drive) and click OK
3/ Click Edit -> Find
4/ Type in the name of the website
that has hijacked your settings e.g. bessybug.com or
globesearch.com
and click OK. A "Searching Registry" dialog box should appear.
5/ Double-click an entry that contains the website name you entered if it appears
at the right-hand side of one of these names:
Start Page
Search Page
Search Bar
Search URL
SearchAssistant
6/ In the Value Data field of the Edit String dialog box, type the name of the website you prefer for search or home pages (or simply leave blank and change later through Explorer)
7/ Repeat steps 5 to 6 as necessary.
8/ Click OK and
exit Regedit. Go back to Explorer and check that the new settings have been
accepted and are correct.
Update 2
If you receive the message
This operation
has been canceled due to restrictions in effect on this computer. Please contact
your system administrator.
when you select 'Internet Options', then start Regedit, in the manner described
above, and search for
hkey_current_user/software/policies/microsoft/internet explorer/restrictions
Once found, delete a value called 'NoBrowserOptions'.
Related links
http://www.guninski.com/javaea.html
http://support.microsoft.com/support/kb/articles/Q275/6/09.ASP
http://news.cnet.com/news/0-1005-200-4931077.html
Microsoft patch:
http://www.microsoft.com/technet/security/bulletin/MS00-075.asp