The phishing waves are soaring
higher, and now online-banking users
are already being plagued by the
next generation hacking technique:
Pharming. This technique also attempts
to not just steal data but also to lure
surfers toward fraud bank sites.


Pharming is described as the
redirection of the URL calls in the browser
to fraud web sites, during which time
these criminals manipulate the break up
of the IP address through the Domain
Name Server (DNS). The aim in doing so
is to mislead users to fraud sites and bank
offers and ask for confidential information.
Viruses and Trojans often change the
‘hosts’ file locally on the user’s computer.
The called address does not appear in
the browser, and it loads a different URL
altogether, so these attacks are practically
non identifiable for the user. If you do not
use any security suite, or if you are not
hundred percent sure about the URL you
have, you can still unmask such attacks.
The best way to tackle such attacks
is to check the contents of the hosts file
from time to time.



To do so, navigate
to the ‘C:\Windows\system32\drivers\
etc’ folder in Windows Explorer and
open the file with a text editor. Usually,
it contains the following line apart from
an explanation: ‘127.0.0.1 localhost’ If it
contains any more lines, that have not
been entered by your system administrator
or ISP, delete the lines immediately and
save changes to the file.
You could also write-protect the file
so Windows asks for your permission
every time it wants to edit the file. To do
so, right-click on the file and select the
‘Properties’ context command.

In the
‘General’ tab, activate the ‘Read Only’
file attribute and confirm the change
with ‘Apply’ and ‘OK’. This makes access
harder for malicious programs. This is
because now, a Trojan must first acquire
administrator rights to remove this write-
protection to go ahead.


You could further enhance protection
for this file by using the following script.
It monitors the size of the ‘hosts’ file
and warns in case of changes. Type the
following lines in a text editor:
Set objFSO = CreateObject
(‘Scripting.FileSystemObject’)
Set.objFile = objFso GetFile
(‘C:\Windows\system32\drivers\etc\
hosts’)
If objFile Size <> 851 then
‘hosts’ has changed: ‘&objFile
Size&’Byte.’
End if
Depending on the operating system
change the path to the Hosts file in the
second line. In Windows Explorer, check
the current size of the file. Then replace
the value ‘851’ with the actual size. Finally,
save the script as ‘hosts_size_checker.vbs’
in the Windows folder.


You can now create another link to the
script in the Startup folder or automate the
call with the help of the task scheduler.
Unless anything changes, you do not even
notice the script. However, when the size
of the Hosts file changes, you will receive
a message indicating this has happened.