An attacker has installed a RAT on a host.

The hosts file on a computer maps domain names to IP addresses locally. By modifying this file, an attacker can redirect traffic destined for legitimate sites (e.g., www.MyPersonalBank.com) to malicious IP addresses (e.g., a phishing server).

The hosts file takes precedence over DNS queries, making it a simple but powerful tool for local redirection.

Windows hosts file location: C:\Windows\System32\drivers\etc\hosts

Linux/Unix hosts file location: /etc/hosts

Reference – CEH v13 Official Study Guide:

Module 6: Malware Threats

Quote:

“Attackers can redirect users to phishing or malware sites by altering the local hosts file, bypassing DNS resolution.”

Incorrect Options:

A. boot.ini is for boot configuration, not DNS resolution.

B. sudoers controls administrative privileges in Linux.

C. networks is for defining network names, not URL resolution.

=