Have just been alerted to a new little hack called plasmoo.com, a search engine that takes over your browser – Chrome or Firefox and replaces your settings making itself your default search engine.
Anecdotal evidence and a rash of forum postings suggest that the hack is quite recent: there’s a Google Chrome post and a Firefox help question from the end of April, and a Yahoo question from 3rd May..
A quick WhoIs search reveals the Plasmoo.com site is registered by GoDaddy.com and was created on 22 Sep 2009, and updated on 16 March 2011. Quarkbase says it is hosted on Amazon.com (they rent out server space to small companies). Judging by some text that comes up, it’s probably Russian, otherwise there’s not much info about it, just a lot of complaints.
What does it do?
It seems to insinuate itself into your browser and replaces your default settings – particularly your search engine with itself and it’s tricky to get it out of your system.
Deleting and reinstalling your browser doesn’t seem to work for example.
How harmful is it?
We don’t know for sure. That Russian text doesn’t look good. It could be that it just gets money by diverting you through its site and gaining page impressions off your captive browser, or it could be something more sinister about collecting private browsing information.
The name isn’t a good sign either. Looks like the name Plasmoo is related some kind of tentacle porn name/character/scenario – which I guess would fit with the way it tangles itself up with your browser.
Doesn’t sound very nice whatever else is going on.
Give your computer a quick scan with your virus software after getting it out of your browser.