[Dshield] OT: Discussion forums for spyware, adware and malware in general?

Bjorn Stromberg bjorn at thechemistrylab.com
Thu Dec 4 16:56:54 GMT 2003


----- Original Message ----- 
From: "Bert Sinclair" <BSinclair at rmin.riss.net>
To: <list at dshield.org>; <bjorn at thechemistrylab.com>
Sent: Thursday, December 04, 2003 8:43 AM
Subject: Re: [Dshield] OT: Discussion forums for spyware,adwareandmalware in
general?


> Bjorn,
> You said,  "..I add that server name to my hosts file and route it
> somewhere nice and null." Can you give me an example of that entry.
> Also, what is GPO ?

The hosts file is used to look up IP addresses before your computer attempts
to use a DNS server to look them up. So when any network application gets a
reference to a host (i.e. ad.doubleclick.net) it needs to convert that to a
routable IP address before it can establish communication. With the hosts
file I can prevent that application from contacting that host by telling it
that I already know the IP address and giving it an unroutable IP address
(0.0.0.0).

This works exceptionally well for Web-based ads and spyware. It can prevent
a lot of popups from even taking place and those that do occur are usually a
blank window. It can also prevent spyware from being surreptitiously
installed by null-routing the sites that host the files (i.e.
install.xxxtoolbar.com).

I built my hosts file by hand and it reflects the sites that I visit. There
are other more comprehensive hosts files out there, but I feel they're a bit
bloated and probably out of date. If you'd like a copy of my hosts file,
shoot me an e-mail off-list and I can send it to you.

Here's a little snippet from my hosts file:

0.0.0.0 creatives.as4x.tmcs.net
0.0.0.0 www.adsincontext.com
0.0.0.0 adserver.adsincontext.com
0.0.0.0 download.softwareds.com
0.0.0.0 ping.180solutions.com
0.0.0.0 bis.180solutions.com
0.0.0.0 download.gigatechsoftware.com
0.0.0.0 ms107cfg.mysearch.com
0.0.0.0 imgfarm.com
0.0.0.0 content.ebates.com
0.0.0.0 www.topmoxie.com
0.0.0.0 www.ebates.com
0.0.0.0 www.sysupdates.com
0.0.0.0 adsatt.movies.starwave.com
0.0.0.0 adblock.linkz.com
0.0.0.0 www.overture.com
0.0.0.0 overture.com
0.0.0.0 install.xxxtoolbar.com
0.0.0.0 www.xxxtoolbar.com

GPO is the Group Policy Object(?) used in Microsoft Active Directories. It
is used to control aspects of each user's PC when they log in to your
domain. You can have your GPO disable right clicking on the desktop, disable
cookies in IE, hide drives from explorer, etc. It is a centralized way to
distribute rules throughout your enterprise. GPO is obviously of no use at
home, but you can still set your Internet Explorer settings to be more
secure manually.

Bjorn Stromberg
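
Added example, not part of the original message: a small Python audit of a hosts-format blocklist like the snippet above. It shows that hosts entries match exact names only (which is why the snippet lists both overture.com and www.overture.com) and reports observed hostnames that the file does not sinkhole. The sample text, function names and the "ads.overture.com" test name are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format; names are taken from the snippet above.
SAMPLE_HOSTS = """\
# ad and spyware servers
0.0.0.0 www.overture.com
0.0.0.0 overture.com
0.0.0.0 ping.180solutions.com bis.180solutions.com   # two names on one line
0.0.0.0 install.xxxtoolbar.com
127.0.0.1 localhost
0.0.0.0 WWW.Overture.com
"""

def parse_hosts(text):
    """Return ({hostname: address}, [duplicate names]); this example keeps the first entry."""
    table, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue                          # nothing usable on this line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            name = name.lower().rstrip(".")   # host names are case-insensitive
            if name in table:
                duplicates.append(name)
            else:
                table[name] = addr
    return table, duplicates

def is_sinkholed(table, hostname):
    """True only if this exact name maps to the unspecified address (0.0.0.0 or ::)."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and addr.is_unspecified

def uncovered(table, observed):
    """Hostnames seen in traffic or logs that the hosts file does not sinkhole."""
    return [h for h in observed if not is_sinkholed(table, h)]

if __name__ == "__main__":
    table, dups = parse_hosts(SAMPLE_HOSTS)
    print("duplicates:", dups)
    # No wildcard matching: a subdomain needs its own line.
    print("uncovered:", uncovered(table, ["overture.com", "ads.overture.com"]))
```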



