
Pharming and Anti-pharming Mitigations and Technologies

Pharming is an attack in which a user can be fooled into entering sensitive data such as a password or credit card number into a malicious web site that impersonates a legitimate web site. It is different from phishing in that the attacker does not have to rely on having the user click a link in an email to deceive the user: even if the user correctly enters a URL (web address) into a browser's address bar, the attacker can still redirect the user to a malicious web site.

Pharmers have two main ways of operating: directly on users' computers or on domain name servers that resolve Web site addresses for users.

In the first way, pharmers send e-mails to users requesting that account information be updated, just as in phishing. The difference from phishing is that the email contains a virus that installs small software programs on users' computers. When a user tries to go to the bank's real Web site, the program redirects the browser to the pharmer's fake site. It then asks the user to update information such as logons, PIN codes or other sensitive information. Savvy users who do not click on the links in the email are still subject to this attack because it uses a virus to direct the browser to the scammer's website.

The pharmers' second method takes advantage of a vulnerability in DNS servers, the machines responsible for resolving Internet domain names into their IP addresses. The vulnerability allows a hacker to acquire the domain name for a site and to redirect traffic from that web site to another web site. This is called DNS poisoning or DNS spoofing.

Anti-Pharming Mitigations and Technologies

The virus-based method of pharming is stopped by maintaining up-to-date antivirus, anti-spyware, and firewalls on your computer. This will greatly reduce the possibility that a virus will redirect you to the malicious web site.

Additionally, be careful when entering sensitive information on a website. Look for the lock or key icon at the bottom of the browser. If the site has changed since your last visit, be suspicious. When in doubt, do not use the website.

A list of popular financial sites that use a secure page for logins is maintained on pharming.org. They also have a shocking list of financial sites that use an unsecure login page. To use this type of site, do not enter your username and password on the unsecure login page. Instead, just click login and you should get an error on a secure page telling you that you forgot your username or password. Verify that the error page is secure and log in from there.

Pharming through DNS poisoning or spoofing happens very rarely. The main method of altering DNS records is through "DNS Poisoning", a known vulnerability on Windows servers. A patch is available for Windows NT4 and Windows 2000 servers. Windows 2003 servers are not vulnerable.

Related Terms: Pharming, Anti-pharming, Phishing, Anti-phishing, Anti-Spam