Malware uses it for their own reasons, where the two most common ones are:
Pointing: for example, system administrators use the hosts file to map intranet addresses.Blocking: some people (who are oftentimes unaware that hosts files can be installed by their security programs) use them to block unwanted sites by connecting malicious or otherwise unwanted domains to the IPs 127.0.0.1 or 0.0.0.0 that both point at the requesting system itself, so in effect there will be no outgoing traffic for these requests.
These predefined entries in the hosts file can exist for several reasons: Possible reasons to change the hosts file
HOSTS FILE LOCATION WINDOWS
To replace or alter the hosts file, you will need Administrator privileges, but every user has “Read” permissions.īefore resolving an internet request (to look up the IP that belongs to a domain name), Windows looks in the hosts file to see if there is a predefined entry for that domain name (the speed dial, remember?). The hosts file does not have an extension, but it can be viewed by opening it with Notepad (or something similar). By default, this file’s folder location is (and has been since Windows NT/2000) %systemroot%\SYSTEM32\DRIVERS\ETC, where %systemroot% is usually the C:\Windows directory. The actual location of the hosts file is stored in the registry under the key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, in the value, DataBasePath. What if someone was able to change that directory and you end up calling a one dollar per second number when you wanted to call a relative? Basically, that is what we will discuss here. Some systems only have a few numbers stored and others have lots of entries. The hosts file is like your speed dial directory for the internet.
In an earlier blog post about DNS hijacks, we briefly touched on the hosts file.
0 kommentar(er)
