>Not sure what a URL hijack is. Explain what you mean?
take a look at
http://www.w3.org/Security/faq/wwwsf7.html question 68 for w3c's summary
We first learned about this whilst talking to a major software supplier. Apparently the trick is to clone the target web site with a near perfect duplicate. Then load your metatags with all the appropriate search terms that will draw occasional victims to your site rather than the real one. An appropriate script makes the 'correct' url appear in the url address bar. The third party then intercepts the traffic between an innocent surfer and the real web site. At the very least they may capture priveleged data; the clever ones have even managed to masssage the data resulting in the surfer placing a legitimate order for goods, paying for them and only learning that he's been hijacked when the real supplier confirms they despatched the goods 4 weeks ago - and they haven't arrived (the third party has siphoned them off to his address and changed the records after the event to reflect the correct address)
Harry