Phishing the hosts

A new and stealthier phishing scam has entered the Internet scam market. According to this link, scammers are now able to manipulate the hosts files on users' computers, redirecting them to their nefarious Web sites without the user ever realizing it. This is mainly done with script-laden emails, some of which may not even require users to click on any links – just opening the email is enough.

Frankly, I am surprised that it took this long for scammers to employ this trick. But abolishing the hosts file, as some experts might suggest, is not a solution to curb the crackers using this trick. First of all, hosts files are still a legitimate means of translating names into IP addresses. I bet many organizations still use them internally as a quick and simple DNS alternative. Secondly, hosts files are invaluable for debugging. I can't tell you how many times I have used the hosts file to troubleshoot DNS problems, access issues, or other host-name-related quirks. Without the hosts file, I would have had to tinker with a name server, which is a lot more complex and may itself be the root of the problem.

Finally, who's to say the bad actors won't change the computer's DNS entries to point to their own evil name servers? If they can change the hosts files, modifying DNS entries takes just a little more work.

Let's not eliminate a helpful tool out of fear and desperation. Practicing good security is the only way to fight these types of attacks.

3 Comments

First of all hosts files are still legitimate means of translating names into ip addresses. I bet many organizations still use them internally as a quick and simple DNS alternative.

Robert, I am trying to do just this... I can redirect the page to another page, but I want to redirect it to a file.htm on the local computer (so that the file will say this page has been blocked if you feel you need this page to do your job..blah blah...) but I can't seem to figure it out... or to point it to a URL www.whatever.com/error.htm
Any help here would be great. Thanks

Hosts file and DNS are only used to translate domain names and nodes into IP addresses.

If you want to redirect from another host, you can modify the hosts file to point the domain to the local computer (generally 127.0.0.1) and then consult your local web server docs for page redirection.

It would be nice if one of you experts could provide a succinct and easily understood description of how someone would recognize a fraudulent entry in a host file. Because I am using an anti-spyware package that uses the host file to block spyware sites, my host file is full of entries. Would I look for something other than 127.0.0.1 in the "value"?
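
An added example, not part of the original post or its comments: a small hosts-file audit that skips entries pointing a name at a loopback or unspecified address (the way blocklist tools use the file) and reports every entry that maps a name to any other address, unless it is on a known-good list. The function name `audit_hosts`, the `expected` allowlist and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: blocklist entries, one legitimate internal mapping,
# one entry sending a real-looking name to a routable address, one bad line.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example    # added by anti-spyware tool
0.0.0.0         spy.tracker.example
10.0.0.5        intranet.corp.example  # internal server
203.0.113.77    www.bank.example login.bank.example
not-an-ip       broken.example
"""

def audit_hosts(text, expected=frozenset()):
    """Return (line_no, address, name, reason) for entries needing review.

    expected: set of (address, name) pairs known to be legitimate.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        # Loopback and unspecified addresses only sinkhole a name (blocklists).
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if (address, name.lower()) not in expected:
                findings.append((line_no, address, name, "maps name to a non-local address"))
    return findings

if __name__ == "__main__":
    known_good = {("10.0.0.5", "intranet.corp.example")}
    for line_no, address, name, reason in audit_hosts(SAMPLE_HOSTS, known_good):
        print(f"line {line_no}: {name} -> {address} ({reason})")
```

To check a real machine, pass in the contents of `/etc/hosts` on Unix-like systems or `%SystemRoot%\System32\drivers\etc\hosts` on Windows.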


About this Entry

This page contains a single entry by published on November 8, 2004 2:16 PM.
