Hosts file

List of addresses of known computers

The hosts file is a list that maps the names of known, and usually trusted, systems to their IP addresses. It is intended to save on bandwidth by removing the need for repeated DNS lookups for commonly contacted hosts.

The hosts file can be used as a security measure, for example by adding the addresses of known insecure or advertising sites; thus when a site attempts to load advertising from an affiliate it will be directed to a non-existent site.

However, malware often takes advantage of this by adding lists of useful places such as security companies, pointing any attempt to connect to them at a spurious address, usually 127.0.0.1, the address of the local system. The result of this is that any attempt to browse to these addresses for information and advice will fail, and in many cases security software will be unable to update itself. Many anti-malware products will detect such changes to the hosts file as a sign of a compromised system.
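
A check of the kind described above, as an added example (not code from this page or from any anti-malware product): it parses a hosts file and reports watched security-related domains that the file overrides. The watchlist domains, the function names and the sample file are constructed placeholders.

```python
import ipaddress

# Constructed watchlist: placeholder domains standing in for security vendors
# and update servers (assumption; substitute the domains your tools rely on).
WATCHLIST = {"av-vendor.example", "updates.av-vendor.example", "advice.example"}

# Names that legitimately point at the local system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file, not taken from a real system.
SAMPLE = """\
# sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.tracker.example      # deliberate ad blocking
127.0.0.1   av-vendor.example www.av-vendor.example
10.9.8.7    updates.av-vendor.example
not-an-ip   advice.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IPv4/IPv6 address: skip the line
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def audit(text):
    """Return (line_no, host, ip, kind) for watched domains the file overrides."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if host in LOCAL_NAMES or not on_watchlist(host):
                continue
            kind = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((no, host, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

The ad-blocking entry is not reported because its domain is not on the watchlist; only overrides of domains the system depends on for updates and advice are treated as findings.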
