Check out this hosts file hijack found on this website.  The hijacker methodically added entries for a large list of banks (apparently mostly UK banks) to the user’s hosts file, each one pointing the bank’s hostname at the hacker’s IP address.  (For the newbies: Your hosts file is like an address book for your internet connections.  Click here for an easy writeup on hosts files or here for a more technical writeup.)

In other words, you merrily go to Barclays bank and get redirected to the hacker’s website.  The sad thing is it’s such a stupidly simple hack.

This is just another reason why it’s a good idea to lock down your hosts file.  Wayne Cunningham explains how to do that here.  But remember that nothing is foolproof, as nasty spyware programs like CoolWebSearch are masters of altering read-only hosts files.

<snip snip>
O1 – Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk
O1 – Hosts: 141.225.152.142 www3.aibgbonline.co.uk
O1 – Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk
O1 – Hosts: 141.225.152.142 login.iblogin.com
O1 – Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk
O1 – Hosts: 141.225.152.142 inet.barclays.co.uk
O1 – Hosts: 141.225.152.142 iibank.barclays.co.uk
O1 – Hosts: 141.225.152.142 iibank.cahoot.com
O1 – Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk
O1 – Hosts: 141.225.152.142 ww.hsbc.co.uk
O1 – Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je
O1 – Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com
O1 – Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 – Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 – Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
<snip snip>

 

Alex Eckelberry
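
As an added example (not part of the original post), here is a defender-side check for the pattern in the log above: one routable address capturing hostnames from several unrelated domains. The `min_domains` threshold, the `SLD` suffix heuristic and the benign sample lines are assumptions; the three O1 lines are taken from the log.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prefixes hosts entries with "O1 - Hosts:" (hyphen or en dash).
O1_PREFIX = re.compile(r"^O1\s*[-\u2013]\s*Hosts:\s*", re.IGNORECASE)
SLD = {"co", "com", "org", "net", "gov", "ac"}  # heuristic, not a full suffix list

# Constructed sample: the benign lines are made up; the O1 lines come from the log.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com   # blocklist-style entry
10.0.0.5 intranet.example.org wiki.example.org
O1 – Hosts: 141.225.152.142 inet.barclays.co.uk
O1 – Hosts: 141.225.152.142 iibank.cahoot.com
O1 – Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
"""

def parse_entries(text):
    """Yield (ip, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()    # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address, e.g. "<snip snip>"
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def base_domain(name):
    """Approximate the registrable domain: barclays.co.uk, cahoot.com."""
    labels = name.split(".")
    n = 3 if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SLD else 2
    return ".".join(labels[-n:])

def suspicious_redirects(text, min_domains=3):
    """Return {ip: hostnames} for non-loopback IPs capturing many unrelated domains."""
    by_ip = defaultdict(set)
    for ip, name in parse_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                            # 127.0.0.1 / 0.0.0.0 lines block, not redirect
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({base_domain(n) for n in names}) >= min_domains}

print(suspicious_redirects(SAMPLE))
```

The internal `10.0.0.5` entry is not flagged because both of its names share one base domain; tune `min_domains` to your environment.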