Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
 
(untagged)

Check If One of the Computers in Your Network is Infected or Hacked with Pharming

0.00/5 (No votes)
9 Jul 2015 2  
The Pharming is an attack difficult to detect for the user does not have idea what it going on.

Introduction

Pharming is an attack to a computer. When the computer is hacked, if you want to visit the bank website, the computer browser will show you another website. If your bank website is "bank.com", you can type in the URL of the browser "bank.com", but you will be visiting another website. As a victim, you will be typing your user and password to somebody else.

It is terrible when someone comes to you and tells you that there is no money in their account. When you find out, the PC this person was using to make transactions is infected with pharming. For anyone, it is easy to check if a single computer is infected. You just need to check if the hosts file has an entry. But when you have thousands of computers, it is hard to check each one of them.

I decided to write a simple program which checks the host file of every computer in my network, so I can find out easily which computer is infected or hacked.

Background

This small application can help you save safe money and protect people in your network. The pharming attack is causing a lot of problems. Using .NET framework, you can be a hero and protect the users pocket.

Using the Code

Here is the main method of the console application. You will see that there is a call to a method which checks the hosts file. You need to have administrative rights to run this computer otherwise you will see errors for permission.

static void Main(string[] args)
{
//Console.Read();
int cantidad = 0;
#region List All The Computers in the NetWork
//Note : Dominio.com is the name of my domain for testing purposes.
DirectoryEntry entry = new DirectoryEntry("LDAP://Dominio.com");
DirectorySearcher mySearcher = new DirectorySearcher();
mySearcher.SizeLimit = 1200;
mySearcher.PageSize = 300;
mySearcher.SearchRoot = entry;
mySearcher.Filter = ("(objectClass=computer)");
Console.WriteLine("Listing of computers with pharming in the Network");
Console.WriteLine("============================================"); 
foreach (SearchResult resEnt in mySearcher.FindAll())
{
cantidad++;
string ComputerName = resEnt.GetDirectoryEntry().Name.ToString().Replace("CN=", "");
CheckIfInfected(ComputerName);
}
Console.WriteLine("=========== End of Listing =============");
Console.WriteLine(cantidad);
#endregion
}

Now, you need to add the method which is called from the Main. Here is the source code:

private static void CheckIfInfected(string ComputerName)
{
try
{
string Path = string.Format(@"\\{0}\c$\windows\System32\drivers\etc\hosts", ComputerName);
StreamReader sr = new StreamReader(Path);
string filestring = sr.ReadToEnd();
int b = filestring.IndexOf("bank.com");
if (b > 0)
{
Console.WriteLine(string.Format("Computer:{0} is infected", ComputerName));
}
sr.Close();
}
catch (Exception err)
{
Console.WriteLine(string.Format("Computer:{0}|Error:{1}", ComputerName, err.Message));
}
}

You can copy and paste this souce code to a C# console application. Please do not hesitate to ask questions.

Points of Interest

After running this code as a task and checking if someone is about to lose, you feel like a hero.

History

  • This is the first version.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2015 by comasnet
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-10-20:1