PortuguêsItalianoFrançaisDeutschEspañolEnglish
Search & Destroy
Our team of malware analysts monitors the Internet 24 hours a day seven days a week...

Hosts File and Spybot Immunization

July 24th, 2017

hosts file detour

Did you know about the #Hosts file? It is just a text file without an extension. You can find it in the folder C:\Windows\System32\drivers\etc on your PC.
This Hosts file offers a simple and alternative name resolution mechanism. It maps a hostname to an IP address by using two columns, the target and the source address. These values are usually separated by tabs.

Example:

104.244.42.193 twitter.com
127.0.0.1 cheating.you

The first example would send your twitter.com requests to the IP address 104.244.42.193, regardless of what result your DomainNameService would return. This feature makes it easy for hijackers. It is a common attack vector used to manipulate your internet communication. Malware tries to redirect security and antimalware related hostnames to prevent your computer from updating signatures. Spybot – Search & Destroy scans your Hosts file for such unauthorized modifications with our ‘Microsoft.Windows.RedirectedHosts’ signatures.

The second example maps the remote ‘cheating.you’ domain to the local IP address 127.0.0.1 on your computer, also called ‘localhost’. If your computer tries to connect to ‘cheating.you’, all requests are redirected to ‘localhost’ and therefore blocked. Spybot – Search & Destroy uses this technique as part of it’s proactive protection to lock out bad domains.

So we strongly recommend to use Spybot’s immunization, regular system scans and of course regular updates of the Spybot signatures.