The HOSTS file is the virtual equivalent of the phone company's directory assistance. Where directory assistance matches a person's name to a phone number, the HOSTS file maps domain names to IP addresses. Entries in the HOSTS file override DNS entries maintained by the ISP. By default 'localhost' (i.e. the local computer) is mapped to 127.0.0.1, known as the loopback address. Any other entries pointing to this 127.0.0.1 loopback address will result in a 'page not found' error. Conversely, entries can cause a domain address to be redirected to a completely different site, by pointing to an IP address that belongs to a different domain. For example, if an entry for google.com pointed to an IP address belonging to yahoo.com, any attempt to access www.google.com would result in a redirect to www.yahoo.com.
Malware authors are increasingly using the HOSTS file to block access to antivirus and security websites. Adware may also impact the HOSTS file, redirecting access to gain affiliate page view credit or to point to a booby-trapped website that downloads further hostile code.
Fortunately, there are steps you can take to prevent unwanted modifications to the HOSTS file. Spybot Search & Destroy includes several free utilities that will not only block changes to the HOSTS file, but can protect the Registry from unauthorized changes, enumerate startup items for quick analysis, and block known bad or alert on unknown ActiveX controls.
