zoneH- Making sense of pharming
What is pharming?
Pharming is a cute little term for a relatively old concept that is domain spoofing
. A number of security vendors have bandied the term for a couple of new phishing techniques. Some of these techniques don’t seem to have been used yet, and remain largely hypothetical.
How is it different from phishing?
A traditional phishing attacks relies upon users being duped into clicking on a link to a bogus banking website to capture confidential data.
Pharming has been used as a term to describe attacks by malware on the Windows HOSTS file
, so that when users types in the web address of his or her bank he or she is instead taken to the pharmer’s bogus website.
Another pharming technique is to hack and “poison” DNS (Domain Name System) servers
by redirecting your web request elsewhere. As far as the browser is concerned, it is connected to the right site. This has been happening for years and is nothing new.
However, the rise in online shopping, electronic banking and online bill payments have created a huge potential profit for criminals to gain credit card and bank account numbers from unsuspected parties
. Having said that, ISPs (Internet Service Providers) and managers of DNS servers are now much better protected – hence the desire by pharmers to attack users directly instead.
Is the DNS poison on a server or a user’s computer?
It is on the server
and occurs because of software vulnerability.
How do the hackers install the software?
In the case of attacking end-users, pharmers use Trojans
such as some variants of the BankerTrojan to force end-users’ PCs to redirect the browser when certain target URLs are detected
. The Trojan usually arrives as an attachment
to an unsolicited e-mail, which the end-user inadvertently opens.
How can computer users protect themselves from pharming?
Attacks against the HOSTS file by malware can be prevented by running an up-to-date antivirus and antispyware software
, and exercising caution over which programs you decide to run. It is also good idea to ensure that you have security patches in place as well as run a reputable firewall to stop it.
Is pharming to become a large problem in the future?
We can expect to see a rise in phishing and pharming attacks as long as there remains a large number unprotected computer
. Unfortunately, many organisations are still very lax in their application of IT security software and in adoption and enforcement of safe computing practices.