Here's an interesting tactic by hijackers

Discussion in 'Computers' started by DKSuddeth, Apr 27, 2004.

  1. DKSuddeth
    DKSuddeth Senior Member

    I'm still not sure how this happened but I'm researching it.

    I found that I couldn't get to one of my technical forums the other day. Going to the site brought up a user name and password window when it shouldn't have. Turns out that something replaced my hosts file with this...

    127.0.0.0 localhost
    127.0.0.1 and.doxdesk.com
    127.0.0.2 auditmypc.com
    127.0.0.3 boards.cexx.org
    127.0.0.4 bulletproofsoft.net
    127.0.0.5 camtech2000.net
    127.0.0.6 cexx.org
    127.0.0.7 computercops.us
    127.0.0.8 ct7support.com
    127.0.0.9 doxdesk.com
    127.0.0.10 eblocs.com
    127.0.0.11 enigmasoftwaregroup.com
    127.0.0.12 forum.aumha.org
    127.0.0.13 free-spyware-scan.com
    127.0.0.14 free-web-browsers.com
    127.0.0.15 grc.com
    127.0.0.16 grisoft.com
    127.0.0.17 hackfaq.org
    127.0.0.18 hazeleger.net
    127.0.0.19 javacoolsoftware.com
    127.0.0.20 kellys-korner-xp.com
    127.0.0.21 kephyr.com
    127.0.0.22 lavasoft.de
    127.0.0.23 lavasoftusa.com
    127.0.0.24 lurkhere.com
    127.0.0.25 majorgeeks.com
    127.0.0.26 merijn.org
    127.0.0.27 mjc1.com
    127.0.0.28 moosoft.com
    127.0.0.29 mvps.org
    127.0.0.30 net-integration.net
    127.0.0.31 noadware.net
    127.0.0.32 no-spybot.com
    127.0.0.33 onlinepcfix.com
    127.0.0.34 pchell.com
    127.0.0.35 pestpatrol.com
    127.0.0.36 safer-networking.org
    127.0.0.37 secure.spykiller.com
    127.0.0.38 secureie.com
    127.0.0.39 security.kolla.de
    127.0.0.40 spybot.info
    127.0.0.41 spychecker.com
    127.0.0.42 spychecker.com
    127.0.0.43 spycop.com
    127.0.0.44 spyguard.com
    127.0.0.45 spykiller.com
    127.0.0.46 spyware.co.uk
    127.0.0.47 spyware-cop.com
    127.0.0.48 spywareinfo.com
    127.0.0.49 spywarenuker.com
    127.0.0.50 spywareremove.com
    127.0.0.51 spywareremove.com
    127.0.0.52 stopzillapro.com
    127.0.0.53 sunbelt-software.com
    127.0.0.54 thiefware.com
    127.0.0.55 tomcoyote.org
    127.0.0.56 unwantedlinks.com
    127.0.0.57 webattack.com
    127.0.0.58 wilders.org
    127.0.0.59 www.auditmypc.com
    127.0.0.60 www.bulletproofsoft.net
    127.0.0.61 www.cexx.org
    127.0.0.62 www.computercops.us
    127.0.0.63 www.ct7support.com
    127.0.0.64 www.doxdesk.com
    127.0.0.65 www.eblocs.com
    127.0.0.66 www.enigmasoftwaregroup.com
    127.0.0.67 www.free-spyware-scan.com
    127.0.0.68 www.free-web-browsers.com
    127.0.0.69 www.grc.com
    127.0.0.70 www.grisoft.com
    127.0.0.71 www.hackfaq.org
    127.0.0.72 www.hazeleger.net
    127.0.0.73 www.javacoolsoftware.com
    127.0.0.74 www.kellys-korner-xp.com
    127.0.0.75 www.kephyr.com
    127.0.0.76 www.lavasoft.de
    127.0.0.77 www.lavasoftusa.com
    127.0.0.78 www.lurkhere.com
    127.0.0.79 www.majorgeeks.com
    127.0.0.80 www.merijn.org
    127.0.0.81 www.mjc1.com
    127.0.0.82 www.moosoft.com
    127.0.0.83 www.mvps.org
    127.0.0.84 www.net-integration.net
    127.0.0.85 www.noadware.net
    127.0.0.86 www.no-spybot.com
    127.0.0.87 www.onlinepcfix.com
    127.0.0.88 www.pchell.com
    127.0.0.89 www.pestpatrol.com
    127.0.0.90 www.safer-networking.org
    127.0.0.91 www.secureie.com
    127.0.0.92 www.security.kolla.de
    127.0.0.93 www.spybot.info
    127.0.0.94 www.spychecker.com
    127.0.0.95 www.spychecker.com
    127.0.0.96 www.spycop.com
    127.0.0.97 www.spyguard.com
    127.0.0.98 www.spykiller.com
    127.0.0.99 www.spyware.co.uk
    127.0.0.100 www.spyware-cop.com
    127.0.0.101 www.spywareinfo.com
    127.0.0.102 www.spywarenuker.com
    127.0.0.103 www.spywareremove.com
    127.0.0.104 www.spywareremove.com
    127.0.0.105 www.stopzillapro.com
    127.0.0.106 www.sunbelt-software.com
    127.0.0.107 www.thiefware.com
    127.0.0.108 www.tomcoyote.org
    127.0.0.109 www.unwantedlinks.com
    127.0.0.110 www.webattack.com
    127.0.0.111 www.wilders.org

    anyone else ever seen this before?
     
  2. jimnyc
    jimnyc ...

    Yep, happened to me once before too! I forget which one, but it was a program that I installed. Obviously it was some kind of security or antivirus program but it was a long time ago.

    Just be happy you're knowledgeable enough to know what a hosts file is, the average user wouldn't have a clue!

    Whatever software does this (or malicious program) is trying to restrict you from certain sites. In your case it would appear something was/is trying to prevent you from visiting sites that may help you fix/cure problems with your machine.

    If you haven't already, I would suggest running adaware or spybot!
     
  3. DKSuddeth
    DKSuddeth Senior Member

    I do run ad aware, however, I don't think ad aware repairs host files. I made sure that it won't ever happen again though.

    I made my hosts file read-only.
     
  4. jimnyc
    jimnyc ...

    Good choice. These bastards are getting pretty crafty at ways of screwing with machines lately.

    Just an idea, you may want to invest in adaware pro. It comes with an extra component called 'adwatch' that will monitor your program live time and prevent malicious programs and websites from doing anything to your computer.
     
  5. jimnyc
    jimnyc ...

    Would that minor investment happen to be Kazaa?
     
  6. 5stringJeff
    5stringJeff Senior Member

    For the not-quite-so-intelligent, what exactly are host files, and how would one make them read-only?
     
  7. jimnyc
    jimnyc ...

    It's more or less like a local DNS server. When you type in www.yahoo.com for example, your machine will look at your hosts file to see if you have an entry for that site that points to a specific IP address. If you don't have an entry, it will use your ISP to resolve that hostname to an IP address and then contact the site. Hosts files will be more prominent within companies that can use them to point PCs to internal machines.

    If I put 127.0.0.1 www.yahoo.com in your hosts file you would never again get to yahoo by typing in their name, it would resolve to your local PC instead of their actual site.
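
A defensive check for the pattern described in this thread, as an added example that is not part of any poster's message: it parses a hosts file, flags `localhost` entries that do not point at 127.0.0.1 or ::1, and lists other names pointed at loopback. The function names and the watchlist argument are assumptions, and the sample input is constructed from a few entries quoted earlier in the thread.

```python
import ipaddress

# Constructed sample: a few entries in the style of the hijacked file quoted above.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.0 localhost
127.0.0.1 and.doxdesk.com
127.0.0.15 grc.com
127.0.0.93 www.spybot.info   # trailing comment
10.0.0.5 intranet.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
LOCAL_ADDRS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

def parse_hosts(text):
    """Yield (line number, address, [lower-cased names]) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # not an address: ignore the line
        yield lineno, addr, [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line, kind, name, address) for every entry worth a manual look."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                if addr not in LOCAL_ADDRS:        # e.g. "127.0.0.0 localhost"
                    findings.append((lineno, "localhost-remapped", name, str(addr)))
            elif addr.is_loopback or addr.is_unspecified:
                findings.append((lineno, "sinkholed", name, str(addr)))
    return findings

def blocked_watchlist(text, watchlist):
    """Sinkholed names at or below a domain the user expects to reach (assumed list)."""
    def under(name, domain):
        return name == domain or name.endswith("." + domain)
    return sorted({name for _, kind, name, _ in audit_hosts(text)
                   if kind == "sinkholed" and any(under(name, d) for d in watchlist)})

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Names pointed at loopback also appear in hosts files maintained deliberately for ad blocking, so the output is a list to review against what the machine's owner put there.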
     
  8. eric
    eric Guest

    A now common spyware technique. Easily prevented and cured though.
     
  9. 007
    007 Charter Member Supporting Member

    Who pays for programs at all?
     
  10. NewGuy
    NewGuy Guest

    Spybot is a better program for spyware, and it's free.

    Running any form of *nix OS cuts this stuff down to a minimal percentage of occurrence.

    I still maintain all people need to learn a *nix OS just like driving a manual transmission and learning how to change a tire.
     
