The security world is becoming an expert in fighting Trojans, viruses and eradicating phishing and zero day attacks.But there is always a new puzzle to solve.The latest one is known as Pharming is a sinister evolution of Phishing.Phishing is what an attacker does, is by sending an attractive email and luring him to provide some personal details.Thus it leaves a bate and waits for a bite.

The post is sectioned as below

• What is Pharming ?
• How Pharming works ?
• How can you protect yourself from Pharming ? ( Link to tutorials provided by banks for anti phishing)
• Conclusion

What is Pharming ?

In Pharming criminals divert user to a deceptive web page without the phishing email and then you are lured for some personal information with help of some exciting offer.Thus you were looking for something and you landed somewhere and get trapped if you are not careful.

Pharming is Dangerous not simply because its is more effective, but also because its is easier for attackers to pull off as they only need to modify open file, called hosts on the user system, and create a false Web page.This could easily be accomplished by a Trojan.

How Pharming works ?

In Simple words

Pharming is completely transparent to users.Unlike phishing( where it sends email) it uses false address to direct users to a bogus website where they are conned into divulging personal information.There are very few clues where user can get suspicious.

In Technical Terms

Pharming Corrupts a Domain Name Server(DNS) by replacing the DNS IP address with a fake one.[ People who don't know DNS is an Internet service that translates IP addresses ] Since we access by name and not addresses, its almost undetectable.This crime is accomplished through cache poisoning of DNS servers (a.k.a domain hijacking). This results in user’s being redirected to attackers server, where they are asked for details like Credit Card, Paypal account etc.

Four Ways of Pharming

According to the Federal Deposit insurance corporation, pharming may occur in four ways.

1. Static Domain Name Spoofing , criminal take advantage of sight misspellings in domain names to trick users into advertly visiting the attackers website.For example techcrunch.com can be misspelled as teccrunch.com
2. Malicious virus software that secretly captures data on consumers personal computer to redirect users.
3. Domain Hijacking where hacker steals the website.
4. DNS poisoning where the Internet users are redirected to a bogus website by corrupting the DNS.

Efforts By FDIC

FDIC encourages to help even banks to use digital certificates, diligently maintain their domain names and monitor for DNS poisoning and educate customers to install current versions of virus detection software firewalls and spy ware scanning.

The following links are provides courtesy of companies who have been victim of Phishing attacks.

1. Ebay Spoof Tutorial.
2. Bank Of America passmark.
3. Citibank Advice.
4. Paypal Security Spoof

How can you protect yourself from Pharming ?

The only true protection for phishing and pharming is common sense.I went through some of the bank sites and even paypal.I will collect them into points now.

For a Regular User:

• Don’t Respond to emails which u receive from banks before confirming with the bank itself if the email was from them.
• Use your eyes to watch for any fraudulent email and if found delete it.Spams!!
• Consumers should also refrain from clicking on hyper links in emails.Always remember the rule of thumb that companies never send out “account verification” messages.
• Keep your anti virus and anti-spy wares updated.I recommended using windows defender and Norton Anti-virus.But you can always lookout for more.
• Keep an eye on the status bar of your browser when you are dealing with money transaction and secured information passing.You should always check for a trusted Certificate Authority.If you receive invalid server certificates, specially when attempting to enter any site where your deposit confidential information or perform money transactions, pause before entering data.Review the certificate , if the name of certificate does not match the site, leave right away.

For Network Administrators

1. Deploy methods to protect DNS, multi factor authentication logins,single-use passwords and automatic telephone callback technologies.
2. The best defense against DNS poisoning us to ensure that you have the latest DNS software and security patches.Some vendors offer anti-pharming tools to protect you from unauthorized changes.Companies like NGSEC actively protect your windows server from pharming attacks by denying any user the permission to write to the hosts file.

Steps Taken By Government and Organizations

• The government and other organizations have also taken a proactive leadership role to figt against these intractable social problems.
• The Anti-Phishing Working Group (APWG) website has information on how to spot phishing and pharming attempts and what to do if you are a victim of such a scam.
• The “Anti Phishing Act of 2005” tried to protect the integrity of the internet by first criminalizing the bait.It makes it illegal to knowingly send out spoofed email that links to sham web sites with the intention of committing a crime.Second, it criminalises the sham web sites that are the true scene of both types of crime.

Conclusion

Phishing and Pharming are additions to top security threats that institutions are currently facing.Pharming attacks are more devious.The trend is shifting from technological attacks to those that exploit human behavior.The attackers are now not after security loop holes but after consumers behavior and their lack of knowledge.Both techniques, sending email and bogus websites can have serious consequences.So be smart, educated and keep yourself updated.

You can refer 2 more articles on phishing Phishing Mobile and Emails and How to spot a fake web site - Phishing

Tags: exploit, firewalls, fuzzing, hacks, phishing, Security, zeroday-attack