Re: New Entries in my Host File
From: Frode (news_at_mascot.REMOVETOREPLY.dyndns.org)
Date: Thu, 25 Sep 2003 11:53:27 +0200
-----BEGIN PGP SIGNED MESSAGE-----
> I have a Windows XP System running behind a PIX 501 firewall. I went to
> go to google to look up some information and came to a page advertising
> some type of security software. It said to go to my host file and remove
> the entries. I went to my host file and found the entries below had been
> added. Has anyone else seen this? Where does it originate from?
AFAIK it's done via an IE hole. Apparently a very limited hole in this case
since all it seems to enable is the editing of the hostfile to hijack a ton
of search engines and redirect you to a crappy search site instead. Spybot
S&D's solution is to just make the hosts file read-only I believe.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----