[Infographic] Hosts File Hijacking and Prevention
The hosts file is a file on the operating system that contains common DNS entries. Because these entries are the first stop in the DNS resolution process, the mappings listed here override mappings from external DNS servers. This allows administrators to set computer-specific DNS options, such as redirecting a domain to an intranet address or blocking IP addresses associated with online advertising.
Because the hosts file affects all applications that connect to a network, it’s seen as a valuable target by malware and virus distributors. Hosts file hijacking could cause popular websites to redirect to malicious websites. Although hosts file hijacking requires administrator permissions, any program that acquires administrator permissions is free to modify the file.
One of the easiest ways to prevent host file hijacking is to only allow trusted programs to run with administrator permissions. Maintaining up-to-date antivirus and antispyware applications will help detect and remove software that targets system files. Additionally, Windows 8 provides a security feature that locks the hosts file unless a specific protection setting is explicitly disabled. Generally speaking, having an up-to-date computer will greatly reduce the chance for a host file hijack.