Damn, if only there was a way to like, prevent write permissions of a particular program and/or user so that this couldn’t happen.
I remember editing the hosts file to prevent an online license check after applying a crack for Adobe back when I was a child. Seems Adobe decided it is payback time lol.
This is what some viruses and malware do as well.
Some other viruses and malware.
Adobe’s name is mud right now.
I see what you did there.
Adobe has no scruples.
I used to work for a full-disk encryption vendor in the 2000s, and one customer had an issue where the machine would BSOD sometimes if both our product and Adobe Acrobat were installed. It seemed a mystery or just a red herring - what on Earth did Acrobat do that could trigger a kernel-mode crash?
Turned out that every hour or so, Acrobat would be reading and writing back the master boot record (containing the OS bootstrap code and partition table) on the primary hard drive. The bug was ours (to unlock the hard drive keys at boot we had to put different data there and redirect I/O after Windows started, and this redirection code would crash once in a blue moon), but Adobe has no business mucking about with this extremely sensitive data.
That is bananas. What was Acrobat doing with the MBR?
I suspect it was part of some stupid copy protection scheme.
Probably making sure that the sweet telemetry reaches their server after the URL got included in some blocklist. Solves nothing, as whoever included the URL will now include the IP address.
If you’re using any DNS-based blockers and the IP is in the hosts file, it will still resolve, right? To block the IP you would have to set up some completely different solution, like a firewall.
Right, it won’t ask the DNS server to resolve it; the solution requires much more expensive blocking on the firewall.
Unless you run a pihole server
No, a machine won’t even contact the pihole if it finds the address in its hosts file. Hosts is step 0 for DNS, so if it finds something there it doesn’t even bother with contacting an external server (like a pihole).
I realized that the problem with a hosts file is that the system will completely bypass the DNS server and directly contact the address. There is a need for something that enforces an IP address blocklist at the router level, like OPNsense.
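
The hosts-file precedence discussed in the comments above can be audited on an endpoint. The following is an added example, not part of the thread or any commenter's post: it parses hosts-file text and reports names pinned to a real address, which a DNS-based blocker never gets to see. The sample content, the `approved` allowlist and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net        # local sinkhole entry
203.0.113.10 telemetry.example.com # pins a name to a routable IP
192.168.1.20 nas.home.arpa
bad-line-without-address
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each valid entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [n.lower() for n in fields[1:]]

def pinned_entries(text, approved=()):
    """Return (line_no, ip, name) for names pinned to a real address.

    Loopback and unspecified (0.0.0.0 / ::) targets are sinkholes, not pins.
    `approved` is a hypothetical allowlist of (ip, name) pairs the admin expects.
    """
    approved = {(str(ipaddress.ip_address(ip)), name.lower()) for ip, name in approved}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if (str(ip), name) not in approved:
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    expected = [("192.168.1.20", "nas.home.arpa")]
    for line_no, ip, name in pinned_entries(SAMPLE_HOSTS, approved=expected):
        print(f"line {line_no}: {name} -> {ip} (answered locally, DNS filter not consulted)")
```

Run against the real hosts file on a schedule and alert on any finding that was not in the previous run; blocking the reported address still has to happen at a firewall, as the comments note.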
This is no different to the meta pixel localhost listener exploit.






