Mochabomb

Web Design and Technical notes

Kill spyware apps - can’t phone home

November 16th, 2006 10:37 pm

This fix is quite simple in approach: lie about the true location of websites. How?

Every domain name is mapped to a number by the domain name service (DNS), the internet equivalent of the phone book. Where the phone book maps a name to a phone number, DNS maps a domain name to an Internet Protocol (IP) address. Now imagine this:

Imagine I get spyware or a virus that tricks my computer so that, instead of getting the right IP address for google or yahoo, I get an intentionally wrong answer - see below:

Correct addresses:

  • google.com 64.233.167.99
  • yahoo.com 66.94.234.13
  • WhenUClickOnMe Toolbar Search (evil) 208.13.12.145

Spoofed and faked addresses:

  • google.com 208.13.12.145
  • yahoo.com 208.13.12.145
  • WhenUClickOnMe Toolbar Search (evil) 208.13.12.145

Every time I wanted google, I got WhenUClickOnMe search. When I then visit, use the results and click, someone gets paid. That is what a lot of spyware does: you want google, you get WhenUClickOnMe, because the address was faked in your system.
The average PC with spyware made the spyware company around $2 - so invade just 100,000 PCs and you can see the incentive for companies to write this stuff. Read here and another one here.


What this fix does is this: the local machine always has an IP address of 127.0.0.1, and this fix points the names of spyware, malware, I-don’t-want-it-ware, and banner-ad sites at 127.0.0.1. This tells the computer “the address for hittbox.com is 127.0.0.1”, so the computer looks there, finds nothing and moves on to display the page - without the banner, or maybe with a spot saying it can’t find it. Do I miss the monkey walking back and forth to click on and be the winner, etc. (you’ve seen them)? No.

Install: you are responsible for any and all problems that may arise from this install.

The hosts file (no extension) is located at c:\windows\system32\drivers\etc\hosts

  • I suggest you back up your existing hosts file - rename it to hosts-november15,2006.txt or something with a date for easy reference.

Make sure your custom entries are entered into the new hosts file - or just add its contents to your existing file (that you made a copy of :) )

  1. copy/rename the original hosts file as noted above.
  2. Save the downloaded hosts.txt file in C:\windows\system32\drivers\etc\
  3. either rename it to hosts (no extension) or add its contents (use wordpad) to your existing hosts file.
  4. Disable and Enable your ethernet connection (Start-Control Panel-Networking) - this reloads the hosts file
  5. Enjoy faster and cleaner surfing.
  • Note - if you need a certain site that is coming back blank, note the name, open hosts, put a # in front of it, repeat step 4.
  • I do get some error messages - like “hittbox.com had a 1203 error” - Yeah, yes you did, because I blocked you sucker! Ha!
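
The merge in step 3, as an added example that is not part of the original post: it appends only the loopback entries from the downloaded list, leaves names you unblocked with a # alone, and reports any name that either file sends to a real address, which is the "spoofed" pattern shown earlier. The sample file contents, the .example names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data; the .example names are placeholders.
EXISTING = """127.0.0.1 localhost
208.13.12.145 google.com
# 127.0.0.1 hittbox.com
10.0.0.5 intranet.example
"""
DOWNLOADED = """127.0.0.1 hittbox.com
127.0.0.1 ads.example
208.13.12.145 yahoo.com
"""

def parse_hosts(text):
    """Yield (ip, name) for each active mapping; comments and bad lines are skipped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def is_sink(ip):
    return ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0

def commented_out(text):
    """Names on lines disabled with a leading '#', i.e. sites unblocked by hand."""
    lines = (ln.strip() for ln in text.splitlines())
    return {n for ln in lines if ln.startswith("#") for _, n in parse_hosts(ln.lstrip("#"))}

def merge_blocklist(existing, downloaded):
    """Return (merged_text, suspicious, rejected) without altering existing lines."""
    active = list(parse_hosts(existing))
    # Names already sent to a real address: custom entry or hijack, review by hand.
    suspicious = [(n, str(ip)) for ip, n in active if not is_sink(ip)]
    skip = {n for _, n in active} | commented_out(existing)
    added, rejected = [], []
    for ip, name in parse_hosts(downloaded):
        if not is_sink(ip):
            rejected.append((name, str(ip)))  # a block list must not redirect anywhere
        elif name not in skip:
            skip.add(name)
            added.append(f"127.0.0.1 {name}")
    return "\n".join([existing.rstrip("\n"), *added]) + "\n", suspicious, rejected
```

Write the merged text to a scratch file and compare it with your backup before replacing the real hosts file.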


Tags: Networking
