Check If One of the Computers in Your Network is Infected or Hacked with Pharming

Introduction

Pharming is an attack to a computer. When the computer is hacked, if you want to visit the bank website, the computer browser will show you another website. If your bank website is "bank.com", you can type in the URL of the browser "bank.com", but you will be visiting another website. As a victim, you will be typing your user and password to somebody else.

It is terrible when someone comes to you and tells you that there is no money in their account. When you find out, the PC this person was using to make transactions is infected with pharming. For anyone, it is easy to check if a single computer is infected. You just need to check if the hosts file has an entry. But when you have thousands of computers, it is hard to check each one of them.

I decided to write a simple program which checks the host file of every computer in my network, so I can find out easily which computer is infected or hacked.

Background

This small application can help you save safe money and protect people in your network. The pharming attack is causing a lot of problems. Using .NET framework, you can be a hero and protect the users pocket.

Using the Code

Here is the main method of the console application. You will see that there is a call to a method which checks the hosts file. You need to have administrative rights to run this computer otherwise you will see errors for permission.

static void Main(string[] args)
{
//Console.Read();
int cantidad = 0;
#region List All The Computers in the NetWork
//Note : Dominio.com is the name of my domain for testing purposes.
DirectoryEntry entry = new DirectoryEntry("LDAP://Dominio.com");
DirectorySearcher mySearcher = new DirectorySearcher();
mySearcher.SizeLimit = 1200;
mySearcher.PageSize = 300;
mySearcher.SearchRoot = entry;
mySearcher.Filter = ("(objectClass=computer)");
Console.WriteLine("Listing of computers with pharming in the Network");
Console.WriteLine("============================================"); 
foreach (SearchResult resEnt in mySearcher.FindAll())
{
cantidad++;
string ComputerName = resEnt.GetDirectoryEntry().Name.ToString().Replace("CN=", "");
CheckIfInfected(ComputerName);
}
Console.WriteLine("=========== End of Listing =============");
Console.WriteLine(cantidad);
#endregion
}

Now, you need to add the method which is called from the Main. Here is the source code:

private static void CheckIfInfected(string ComputerName)
{
try
{
string Path = string.Format(@"\\{0}\c$\windows\System32\drivers\etc\hosts", ComputerName);
StreamReader sr = new StreamReader(Path);
string filestring = sr.ReadToEnd();
int b = filestring.IndexOf("bank.com");
if (b > 0)
{
Console.WriteLine(string.Format("Computer:{0} is infected", ComputerName));
}
sr.Close();
}
catch (Exception err)
{
Console.WriteLine(string.Format("Computer:{0}|Error:{1}", ComputerName, err.Message));
}
}

You can copy and paste this souce code to a C# console application. Please do not hesitate to ask questions.

Points of Interest

After running this code as a task and checking if someone is about to lose, you feel like a hero.

History

• This is the first version.