

Posted: July 26, 2019

Trojan.IStartSurf is a Trojan that installs unsafe and Potentially Unwanted Programs in a bundle during the installation routine of third-party software. These bundles circulate on freeware download sites and torrenting networks and can distribute threats to your computer's safety, as well as 'nuisance' software like adware. You should let your anti-malware products delete Trojan.IStartSurf installers on sight and avoid download sources that distribute them.

The Surprising Danger Inside an Ad-Boosting Bundle

Bundles are one of the favorite distribution methods for authors of traditionally undesirable software, such as search engine hijackers, ad-delivery applications and disruptive toolbars. The Trojan.IStartSurf family's history illustrates how what begins as a 'harmless,' ad-trafficking exercise can turn into safety-dismantling attacks against your browser. Like a Trojan downloader, Trojan.IStartSurf can deliver various threats and PUPs to your PC, and it does so by bundling them with other downloads.

Trojan.IStartSurf's bundle-based delivery mechanism can ride along with software such as free games, inserting 'affiliated' programs into the installation routine. As of malware researchers' last look at the threat, the further software that Trojan.IStartSurf can install includes:

  • Adware, which can display additional advertising content automatically, including potentially corrupted advertisements such as fake updates.
  • Browser hijackers, which are also closely associated with this threat. They can redirect your browser to other websites, such as when you attempt to navigate to your favorite search engine or homepage.
  • The DNS changer Extenbro, which is especially worth noting. Unlike traditional hijackers that confine their attacks to subverting your browser's settings, Extenbro undermines the DNS configuration file. Besides redirecting you to other sites, it also blocks some security vendor domains and can prevent users from acquiring anti-virus and anti-malware services.

However, Trojan.IStartSurf is reconfigurable and can deliver other software and Trojans besides these examples.

Stopping before You Start Surfing into Trouble

Web surfers are less likely to download Trojan bundler families like Trojan.IStartSurf as long as they stick to reputable sources, such as widely-recognized developer sites and curated storefronts like Google's Play Store. In contrast, an unsafe resource could include a torrenting network or an application that requests install permissions through an advertising network or a social messaging platform like Facebook. Traditional anti-malware tools should recognize both the bundler executable, which is Trojan.IStartSurf itself, and most of its payloads.

The Extenbro variant of Trojan.IStartSurf's payload is considerably more invasive than a typical browser hijacker. It includes attacks such as root certificate exploits and disabling some Internet communication protocols. These features guarantee that victims will experience significant difficulties with restoring their Web-browsing access to acceptably safe standards. Users should avoid surfing the Web on infected computers and, ideally, disable Internet connections until they resolve the situation.
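The three Extenbro symptoms described above (changed DNS settings, blocked security vendor domains, and tampering with root certificates) can be checked against a known-good baseline. The following triage sketch is an added example, not code from this article or from any vendor; the `Snapshot` fields, the resolver allowlist, the certificate baseline and every sample value are constructed assumptions, since the article gives no concrete indicators.

```python
from dataclasses import dataclass

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # addresses often used to blackhole a name

@dataclass
class Snapshot:
    dns_servers: dict      # adapter -> resolver IPs configured on the host
    system_answers: dict   # domain -> set of IPs the host's resolver returned
    trusted_answers: dict  # domain -> set of IPs from a known-good resolver
    root_thumbprints: set  # thumbprints found in the trusted-root store

def audit(snap, allowed_resolvers, baseline_roots):
    """Return (symptom, detail) findings for the three Extenbro behaviours."""
    findings = []
    # 1. DNS settings pointing at resolvers the organisation never approved.
    for adapter, servers in sorted(snap.dns_servers.items()):
        for ip in servers:
            if ip not in allowed_resolvers:
                findings.append(("unexpected-resolver", f"{adapter}: {ip}"))
    # 2. Security vendor domains that resolve elsewhere but not on this host.
    for domain, good in sorted(snap.trusted_answers.items()):
        seen = snap.system_answers.get(domain, set())
        if good and (not seen or seen <= SINKHOLES):
            findings.append(("vendor-domain-blocked", domain))
        elif seen and not (seen & good):
            # CDNs and geo-DNS also cause mismatches: a lead, not proof.
            findings.append(("vendor-domain-redirected", domain))
    # 3. Root certificates absent from the known-good baseline.
    for thumb in sorted(snap.root_thumbprints - baseline_roots):
        findings.append(("unknown-root-cert", thumb))
    return findings

# Constructed sample: documentation IP ranges, .example domains, fake thumbprints.
SAMPLE = Snapshot(
    dns_servers={"Ethernet": ["203.0.113.53"], "Wi-Fi": ["192.0.2.1"]},
    system_answers={"update.av-vendor.example": set(),
                    "www.scanner.example": {"198.51.100.7"}},
    trusted_answers={"update.av-vendor.example": {"198.51.100.20"},
                     "www.scanner.example": {"198.51.100.7"}},
    root_thumbprints={"ROOT-A-CONSTRUCTED", "ROOT-X-CONSTRUCTED"},
)

if __name__ == "__main__":
    for symptom, detail in audit(SAMPLE, {"192.0.2.1"}, {"ROOT-A-CONSTRUCTED"}):
        print(f"{symptom:26} {detail}")
```

Collect the trusted answers and the certificate baseline from a clean machine on a separate network, because an infected host cannot vouch for its own DNS or trust store.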

Using anti-malware products for deleting Trojan.IStartSurf on sight is, as always, the simplest way of keeping any PC safe from its payloads.

Carelessly accepting anything that an installer offers isn't healthy for you or your computer. Trojan.IStartSurf is just one of many families of Trojans taking advantage of that listless attitude towards computer security for money.