Re: Unknown Hosts file

From: ePAc (epac@korigan.net)
Date: 04/02/02


Date: Mon, 1 Apr 2002 17:32:27 -0800 (PST)
From: ePAc <epac@korigan.net>
To: David Tan <dtan@chipscc.com>

Setting hosts to bogus/erroneous addresses is one way that anti-ad/popup
programs work. Some of these, when installed, also install an integration plugin to
allow a user to select an ad and instruct the program to effectively
"blackhole" the given website. Does that user have such a program
installed? (As a side note, most of those will leave their "custom host
file" in there, even after uninstall...)

---
Nothing is foolproof to a sufficiently talented fool...
  oo
,(..)\
  ~~

On 2 Apr 2002, David Tan wrote:

> I have a client machine running Windows 2000
> Professional. All of a sudden, one day, the user was
> unable to access several of the most popular
> websites (i.e. google, yahoo, cnn, etc.). I noticed that
> the machine was attempting to access the wrong IP
> address for all the websites, in fact, it was attempting
> to access the SAME IP address for every website in
> the group. After some research, I found there was a
> Hosts file with all the domains in question listed, and
> the erroneous IP address. Has anyone ever come
> across an incident where a virus or trojan would
> place a Hosts file onto a system? I have thoroughly
> scanned the machine for viruses, open ports, etc.
> and found nothing. Is there anything else I should be
> on the lookout for?
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
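
An added example, not part of the original thread: a hosts-file audit that separates the two cases discussed above, names null-routed to a loopback or unspecified address (the ad-blocker pattern) and many names forced to one other address (the symptom in the quoted report). The sample file, the function names and the `threshold` value are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; 203.0.113.7 is a documentation-range address.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.net      # typical ad-blocker blackhole entry
0.0.0.0     popups.example.net
203.0.113.7 www.google.com google.com
203.0.113.7 www.yahoo.com
203.0.113.7 www.cnn.com          # trailing comment
not-an-ip   broken.example.org
"""

def parse_hosts(text):
    """Return {ip: set(hostnames)}; skips comments, blanks and malformed lines."""
    mapping = defaultdict(set)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        mapping[ip].update(name.lower() for name in fields[1:])
    return mapping

def audit_hosts(text, threshold=3):
    """Classify every address that has hostnames (other than localhost) mapped to it.

    blackhole: loopback or unspecified address, names are simply null-routed.
    redirect:  `threshold` or more names forced to one other address.
    single:    fewer names on a non-blackhole address; review by hand.
    """
    findings = []
    for ip, names in sorted(parse_hosts(text).items(), key=lambda kv: str(kv[0])):
        names = names - {"localhost"}
        if not names:
            continue
        if ip.is_loopback or ip.is_unspecified:
            kind = "blackhole"
        elif len(names) >= threshold:
            kind = "redirect"
        else:
            kind = "single"
        findings.append((str(ip), kind, sorted(names)))
    return findings

if __name__ == "__main__":
    for ip, kind, names in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:9} {ip:15} {', '.join(names)}")
```

On a Windows 2000 machine the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a `redirect` finding is the one that deserves follow-up on where the target address leads.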
