
Bits & Bytes
An occasional newsletter from MCS
July, 2005 - A Bit More
--------------------------------------------------------------------------------------------

Since sending out our recent "Bits & Bytes", we’ve had some questions about "pharming" -- the way scammers can enter your computer and redirect your web browser to sites of their choosing. So here's… A Bit More.

Unlike our regular newsletters, this bit is for those interested in the more technical aspects of computing. In other words, this is going to be a lot geekier than usual. If that makes you nervous, you should probably stop reading here. We won’t think any less of you.

Meet your Host

Pharming works by altering the "hosts" file on your PC. This file is the first place your browser looks when you tell it to go to a website address. Let’s go find it and take a close look at it.

Before doing anything, close all programs (except Windows, of course). Then, using My Computer or Windows Explorer, locate your hosts file and make a copy of it (just copy and paste it to the same folder). You can call it oldhosts or hosts.old or whatever suits you. Guys, do not skip this step (women don’t need to be told that).

Depending on the version of Windows that you’re running, here’s where your hosts file resides:

Windows 98      C:\windows\hosts
Windows 2000    C:\winnt\system32\drivers\etc\hosts
Windows XP      C:\windows\system32\drivers\etc\hosts

Once you’ve made a copy, open the original hosts file (right-click it, then select Open with and Notepad). Ignore any gibberish you see in the file. Here’s the important thing: the only line that does not begin with "#" should read:

127.0.0.1 localhost

If that (plus the gibberish) is all you see, then you’re OK. Just close the file without making any changes. However, if you see something like this (and it could be a much longer list):

80.54.28.120 hotmail.com
80.54.28.120 microsoft.com
80.54.28.120 yahoo.com
80.54.28.120 google.com

then your hosts file has been altered.

In this particular case, if you were to try and visit Hotmail, Microsoft, Yahoo! or Google, your browser would be redirected to whatever site exists at the I.P. address 80.54.28.120.

To clean it up, delete everything except 127.0.0.1 localhost and then save and close the file. (It should be noted that, if you’re on a company PC, your IT department may have had valid reasons to alter this file. If you change it, you do so at your own risk -- and you never heard of us!)
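
For those who would rather let a script do the reading, here is the same check written in Python. This is an added example, not part of the original newsletter; the sample text is constructed from the altered file shown above, and the function names are our own. It goes one step beyond the by-eye check by listing entries that point back at your own PC separately from entries that send a name to some other address.

```python
import ipaddress

# Constructed sample: the altered hosts file shown above, plus a comment line.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
80.54.28.120    hotmail.com
80.54.28.120    microsoft.com   # trailing comment
80.54.28.120    yahoo.com google.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every active mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments, whole-line or trailing
        if not line:
            continue
        fields = line.split()                  # spaces or tabs both separate fields
        if len(fields) < 2:
            continue                           # an address with no name maps nothing
        for name in fields[1:]:                # one address may carry several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (redirects, local), each a list of (line_no, address, hostname)."""
    redirects, local = [], []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            redirects.append((line_no, addr, name))   # unreadable address: review it
            continue
        if ip.is_loopback or ip.is_unspecified:
            if name != "localhost":                   # the one expected entry is skipped
                local.append((line_no, addr, name))
        else:
            redirects.append((line_no, addr, name))   # name forced to another machine
    return redirects, local

if __name__ == "__main__":
    redirects, local = audit_hosts(SAMPLE_HOSTS)
    for line_no, addr, name in redirects:
        print(f"line {line_no}: {name} is forced to {addr}")
    for line_no, addr, name in local:
        print(f"line {line_no}: {name} points at this PC ({addr})")
```

To check a real file, read its contents into a string and pass that to audit_hosts() in place of SAMPLE_HOSTS.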

Sow's ears and silk purses

Now that we’ve seen how the hosts file can be made to serve some ugly purposes, let’s look at a way that we can alter it for our benefit.

Open your hosts file again and highlight everything (Ctrl+A). Delete it. That’s right, dump it all. Don’t worry, you saved a backup (…you did, didn’t you? ;-) ). Now copy and paste this text into the empty hosts file, then save it and close it.

OK, if you’ve peeked at the text in question, you know it’s very long and somewhat scary looking. Rest assured that, if you follow the directions carefully, this will have no effect on the operation of your computer or your Web browser. What it will do is stop most advertisements that are incorporated into Web pages from being displayed. You’ll just see blank spaces where the ads are supposed to be. Once you’ve saved the new hosts file, go to a site that puts ads on their pages (like Weather.com or NYTimes.com) and you’ll see for yourself. (Note that it won’t stop all ads, just those that are being pulled into the page from someplace else.)

If you have any problems, simply replace the contents of your hosts file with the contents of your backup.

So what did we learn from all this?

1.) That even things used by the dark side of The Force can be turned to good (fewer Web page ads is definitely good!)
2.) That Geeks aren't necessarily smarter than you, they just know what buttons to push, and
3.) That computers are great when they do what you want them to do! ;-)

Questions? Give us a call.

Have fun!