
Host Hijack

When you type a URL into your browser's address bar, the browser queries a DNS server to resolve the domain name to an IP address. However, the hosts file can be used to bypass this process, because the hosts file is checked before DNS is queried. Its location depends on your operating system:

c:\windows\hosts [Windows 95/98/me]
c:\winnt\system32\drivers\etc\hosts [Windows NT/2000/XP Pro]
c:\windows\system32\drivers\etc\hosts [Windows XP Home]

The hosts file is very useful for blocking sites that are known for bad behaviour, such as a site that provides hijackers for download, or ad sites that use cookies to track users (doubleclick). The file contains only text and is empty by default. For example, instead of using a DNS to convert google to (The Google UK site) I'm going to tell the browser to resolve google.com to (the CNN website) using the hosts file. Within the hosts file I typed: google.com www.google.com

This affects all programs connected to the Internet, not just Internet Explorer. Some hijackers have used this technique to redirect popular sites to their own website. For example, it's possible to redirect all popular search engines to a website of your choice. This kind of attack can be very hard for the average user to fix, and will most likely require specialist software or detailed instructions. Other practices involve changing auto.search.msn.com to redirect to their website: whenever a user types an incorrect URL, the browser redirects to auto.search.msn.com, which the hosts file then resolves to a different IP address of the hijacker's choice. Resetting web settings will not fix this either, because all that does is set your search page back to auto.search.msn.com, leaving the hosts file unaltered.
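A hosts file can be audited for the two kinds of entry described above: blocking entries that point a name at the local machine, and redirects that point a well-known name somewhere else. The script below is an added example, not part of the original page. The watch list (apart from auto.search.msn.com, which the article names) and the sample file with its documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: auto.search.msn.com is named in the article, the rest are sample choices.
WATCHED = {"auto.search.msn.com", "google.com", "www.google.com"}

# Constructed sample hosts file; 203.0.113.0/24 is a documentation-only range.
SAMPLE = """\
# sample hosts file
127.0.0.1     localhost
127.0.0.1     ad.doubleclick.net     # blocking entry
203.0.113.10  google.com www.google.com
203.0.113.10  AUTO.SEARCH.MSN.COM
not-an-ip     example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments and malformed lines are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # Hostnames are case-insensitive; a trailing dot is equivalent.
            yield no, ip, name.lower().rstrip(".")

def audit(text, watched=WATCHED):
    """Classify every non-localhost entry as block, redirect-watched or override."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            kind = "block"             # name is sent to the local machine
        elif name in watched:
            kind = "redirect-watched"  # a watched site resolves to a foreign address
        else:
            kind = "override"          # any other entry that bypasses DNS
        findings.append((no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real machine, pass `audit` the contents of the hosts file at the location listed above for your operating system.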

Browser Hijackers : Further Info on Adoko
Further Information
URL Prefix Attacks
Internet Reset Hijack (iereset.inf hijack)
Adoko Forum - If you've been hijacked, and need any advice on how to remove it - try the adoko forum.

Browser Hijackers : Links
Internet Controller - A program from Adoko.com, you might find this useful for sorting out hijacking problems.
Hijackthis - A great program for sorting out hijacking problems.