Hackers are using a new version of the adware server WebSearcher PUP (potentially unwanted program)
that when downloaded resets the permissions on the three most popular browsers to only use the proxy that the adware sender has desires.
What WebSearcher does can be observed in the browsers’ settings, according to Malwarebytes. With Internet Explorer the proxy settings are not only filled in by the adware, but also set so the user cannot make changes and the hacker places a note stating that these settings are controlled by the system administrator in an attempt to convince the victim that all is well with the computer.
Malwarebytes researcher Pieter Arntz told SCMagazine.com in an email Monday that the PUP was first seen on December 29 and its usage is not believed to be widespread at this point.