All it takes is one visit to a website to wind up with a bot-infected computer. This bot could be as innocuous as a tracking bot or as debilitating as a spam bot. When you have no idea what sites are spreading the malicious software, how do you prevent these “infections” without spending a fortune? You could manage this task manually, but when you’re dealing with even a small company, having to edit host files by hand can get tedious. Besides, if you skip an update and miss a new suspect domain/IP, you could unwittingly open up your machines to infection.
I suggest using Phrozensoft’s Mirage Anti-Bot 3.0, which is available for the Windows platform (from Windows XP to Windows 8). This easy to use application updates your computer’s host file (using data provided by abuse.ch) to blacklist specific IP addresses and domains known to be guilty of spreading bots. The data provided by abuse.ch will prevent the machine from contacting all IPs and domains added to the host file. You can even create your own rules to block websites not included in the downloaded list.
Note: No antivirus, antimalware, or antiphising software is perfect — eventually something will slip by and infect your machine.
The host file
Before we get into the installation of Mirage Anti-Bot, you might want to know what a host file does. At its most basic level, the host file maps IP addresses to domain names. In the case of Mirage Anti-Bot, it maps the IP address to the loopback address of the machine. The loopback address (127.0.0.1) is a special address that points back to the same hardware and, in the case of these newly mapped addresses, will not find what it’s looking for. This is a common means to blacklist addresses and can be considered safe.
Typically, the host file on a Windows machine is located in C:\Windows\system32\drivers\etc\ and can be edited (with administrator privileges) with Notepad. A typical entry will look like this:
IP ADDRESS hostname
The addresses added by Mirage Anti-Bot are typically related to Zeus Bot, Palevo Bot, and Spyeye Bot.
Installing Mirage Anti-Bot
- Download the compressed installation file.
- De-compress the .zip file.
- Change into the newly created mirageAB30_setup folder.
- Double-click the MirageAB_setup.exe file.
- Walk through the installation wizard.
Once it’s installed, you will find the launcher icon on the desktop (if not, look in Start | Mirage Anti-bot). Click on that icon to start the application.
Using Mirage Anti-Bot
When you first run Mirage Anti-Bot, you will have to do an update. To do this, click the Update button in the Anti-Bot window (Figure A).
First run will indicate you’ve never updated the Mirage Anti-Bot host list.
Once the update has completed, open your host file to see quite a lot of listings.
Some options are available for Mirage Anti-Bot. One of the most important options is having the software run at boot. You can find this by clicking Mirage | Settings. Check the box for Automatically Start Mirage With Windows (Figure B).
You can also configure a proxy here, if necessary.
If you are using Mirage Anti-Bot to prevent client machines from accessing sites like Facebook, you can password protect the software in the settings. Although it’s not a perfect solution (for instance, if the client has admin access, and the understanding of the host file, they can bypass this), it will prevent a number of users from getting around the system.
Creating your own entries in Mirage Anti-Bot
- Open Mirage Anti-bot.
- From the Mirage Anti-Bot window, click Manage Hosts.
- Click the Add Host button.
- Enter the hostname in the Add New Host window (Figure C).
- Click OK.
You can also create categories to make managing your blacklist even easier.
Now, when your users attempt to go to that page, they will get an error page preventing them from reaching the site.