Anti-Bot protects you from visiting bot spreading websites - gHacks Tech News

Anti-Bot protects you from visiting bot spreading websites

Depending on the web browser you use, its version, settings, extensions and plugins installed, it is sometimes enough to visit  a website to become a victim of a successful malware attack.  There are a couple of things that you can do to protect your system and yourself, including making sure that everything is always up to date and that you have at least one security suite installed on your system that may catch the attack before it is executed successfully.

Mirage Anti-Bot is a free program for the Windows operating system that will add a blacklist of websites, domains and IP addresses to the Windows hosts file to block connection attempts to these sites automatically when they occur.

The program uses information provided by abuse.ch which maintains a database of known malware related websites. It should be clear that the protection is not 100% as the list does not contain all known or future malware domains and sites yet. It does however take care of popular sites used to spread malware.

If you are using a service to automatically blacklist sites using the hosts file, you may want to check if abuse.ch is already included. If that is the cause, there is not really a need to run Anti-Bot in addition to the other program. If you do not use any program yet, Anti-Bot may be a good start.

mirage anti-bot screenshot

To add information to the hosts file install Anti-Bot on your system, run it with administrative privileges - and not after installation using the check box - and click on the update button to download the latest site list and update the hosts file with it.

Note: Security software may block Anti-Bot from adding the information to the hosts file. This is for instance the case when you run Bitdefender Internet Security 2013 on your system which blocks any attempt of the program to manipulate the hosts file. The only option here is to disable Bitdefender's protection for the time being, run the program, update the hosts file, and enable the protection again once the process has been completed.

You can check if the hosts file has been edited by opening C:\Windows\System32\drivers\etc\hosts in a plain text editor such as Notepad. All domains are redirected to 127.0.0.1.

You can exit the program afterwards as it is only needed to update the hosts file. You may want to run it regularly though to work with the latest data set.

I recommend you enable the logging of connection attempts to sites that are automatically blocked in the program settings.

Verdict

If your resident anti-malware solution does not block bot-related websites then you may want to use the program to add protection to it using your system's hosts file and the abuse.ch block list. While it won't keep everything out, it includes many popular attack domains.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. PixelWizard said on January 28, 2013 at 7:30 pm
    Reply

    There does not seem to be any way to download the Mirage Anti-Bot software. Can’t get past this page http://phrozensoft.com/processdl_21.ps …there’s no download button or link, etc.

    Is it just me? I tried the page in 3 different browsers.

    1. Martin Brinkmann said on January 28, 2013 at 8:17 pm
      Reply

      I had no issues with the latest version of Firefox after I did enable JavaScript.

      1. PixelWizard said on January 28, 2013 at 8:24 pm
        Reply

        Oh. Thank you.

  2. Bill said on January 28, 2013 at 7:33 pm
    Reply

    For the not-so-lazy:
    winhelp2002.mvps.org/hosts.htm

  3. Morely Dotes said on January 28, 2013 at 8:38 pm
    Reply

    And for the lazy who want the MVPS hosts file and others as well, Abelhadigital’s Hostsman does great job. http://www.abelhadigital.com/hostsman

  4. jay said on January 28, 2013 at 11:55 pm
    Reply

    Spybot search and destroy does this too

  5. Bill said on January 29, 2013 at 2:35 am
    Reply

    I quit using HostsMan because of problems but I see Two whole years later, it’s
    finally been updated. Thanks.

  6. Transcontinental said on January 29, 2013 at 5:58 pm
    Reply

    If you’re managing a HOSTS file by yourself and/or use HostsMan as it’s manager application, following links for direct download (works fine in HostsMan’s source ) :

    SpyEye Tracker blocklist : https://spyeyetracker.abuse.ch/blocklist.php?download=hostfile
    ZeuS Tracker blocklist : https://zeustracker.abuse.ch/blocklist.php?download=hostfile

    More info for tracking lists :
    SpyEye Tracker : https://spyeyetracker.abuse.ch/blocklist.php
    ZeuS Tracker : https://zeustracker.abuse.ch/blocklist.php

    1. Martin Brinkmann said on January 29, 2013 at 7:56 pm
      Reply

      Thanks, great info.

  7. Renee said on January 29, 2013 at 6:05 pm
    Reply

    maybe someone “not so lazy” instruct us how to add to HostsMan those 3 blocklist from abuse.ch (ZeuS, SpyEye, Palevo – which links) and if it is redundant having Malaware domain list .

  8. Jim said on January 29, 2013 at 9:49 pm
    Reply

    I read that having a large hosts file could significantly degrade network performance because the system scans the hosts file during each transaction. Is that true?

    1. Transcontinental said on January 29, 2013 at 11:20 pm
      Reply

      I’ve been told large HOSTS file issues could occur when the DNS Client service was running. I’ve set this service to disabled 10 years ago and never had to switch it back on. Never understood the pertinence of that service …
      Otherwise, depends what “large” is. I have a 60,000 items’ HOSTS file, but I don’t know how things would run with 10x more. I think that the DNS Client Service closed should prevail in demonstrating that the issue is the port rather than the file size….

  9. Patrick said on January 29, 2013 at 10:15 pm
    Reply

    @Transcontinental: My Hostman update will not allow any webpages using https: I get an error, when I drop the ‘s’ as http: Hostman accepts that webpage but when downloading the Host file from those locations get error message …failed . failed.
    Any ideas as to why https: is not allowed?
    Patrick

    1. Transcontinental said on January 29, 2013 at 10:57 pm
      Reply

      Patrick, I have no idea at this time why HostsMan on your system refuses above mentioned https urls. I have both links accepted here.
      When you added those https in HostsMan’s ‘Manage Update Sources’, have you checked the link via ‘Edit…’ and ‘Test Connection/Test’ ? It should work for https and refuse http, bacause the page is https only …

      I’ll think about it. This is odd. If anyone has an idea …

      1. Patrick said on January 29, 2013 at 11:36 pm
        Reply

        @Transcontinental: I hit the edit button and got the message: a big red X Protocol (:https” not supported.
        I am using HostsMan v3.2.73 (latest stable)
        if I take the ‘s’ out of the https then it passes Edit test but when updating I get the following:
        – SpyEye Tracker blocklist… check failed.

        Strange, anyone can help?

      2. Transcontinental said on January 30, 2013 at 12:36 pm
        Reply

        @Patrick, maybe is the issue related to HostsMan v3.2.73 ? I am running HostsMan 4.0.88 Beta 9, though the latest beta is HostsMan 4.0.90 Beta 10 (but I dislike latest output).
        HostsMan 4.0.88 Beta 9 is really keen, much faster than v. 3.2.73. I’m not a beta fanatic but moods are made to be trespassed sometimes, here I think is a valid opportunity, IMO.
        Perhaps will the https issue be resolved with 4.88.9 or 4.0.90 Beta 10.

  10. Transcontinental said on January 29, 2013 at 11:08 pm
    Reply

    Anti-Bot also protects from the Palevo C&C Domains and, while there is also a dedicated page for Palevo Tracker ( https://palevotracker.abuse.ch/blocklists.php ), unfortunately it seems there is no dedicated HOSTS file. All I found was a domain list ( https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist ) which because of its non HOSTS format cannot be downloaded via HostsMan.

    I had to download it apart and add a leading 127.0.0.1 (or 0.0.0.0 or 0) to every line, which is cumbersome even if the list is excessively small (48 entries at this time). I have no idea of the dynamism of this list and, being unable to have it be checked with HostsMan, I’ve set a rule on changedetection.com to alert me if/when the list would change.

  11. Patrick said on January 31, 2013 at 12:08 am
    Reply

    @Transcontinental, I updated to the Beta version and have no problem now!!!
    Thanks,
    Panama Patrick

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.