What is Pharming and How to Stay Out of it?
“Pharming” is the term used to describe a type of online attack in which the attacker redirects a website's traffic to another site, which in most cases is a bogus one or sometimes a replica of the original website. Pharming is often combined with phishing attacks as a means to acquire the information necessary for online identity theft. Pharming is often conducted in either of the following ways:
The first is by changing an existing entry or adding a new entry in the HOSTS file of the victim’s computer. In this way the attacker can point a given domain name (website) to IP addresses that he controls. When users type the URL of a website (such as an online banking or e-commerce site), they are often taken to a bogus website where they become victims of online identity theft.
The other way of conducting pharming is by changing the DNS server configuration of the victim’s computer, so that the new settings contain the IP address of a rogue DNS server that is often owned and maintained by the attacker. DNS servers are responsible for resolving Internet names (domain names) into their actual IP addresses. Compromised DNS servers are sometimes referred to as “poisoned”. Thus, the attacker effectively has control over a large number of computers that rely on a poisoned DNS server, and can now redirect their users to bogus websites.
Pharming has become a major concern to businesses hosting e-commerce and online banking websites. Attackers often carry out pharming attacks for financial gain via identity theft or to generate fraudulent advertising revenue.
Steps to avoid Pharming:
The aftereffects of pharming can be devastating if proper measures are not taken to guard against it. Having an antivirus program installed on your computer and a properly configured firewall can be highly effective against these types of attacks. In most cases, DNS-changing malware is distributed as video codecs and other freeware utilities, so users are advised not to download or install programs from untrusted sources on the Internet.
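Both pharming methods described above leave traces in local configuration, so a simple audit can flag them. The following is an added example, not part of the original article: it reports HOSTS entries that pin a non-local name to a routable address and lists configured resolvers that are not on a trusted list. The function names, the `LOCAL_NAMES` baseline, the Unix-style `nameserver` format and the sample data are assumptions made for illustration.

```python
import ipaddress

# Names expected in a default HOSTS file (assumed baseline, adjust per system).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return entries that pin a non-local name to a routable address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are usually local block lists, not redirects.
        if name in LOCAL_NAMES or ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((line_no, str(ip), name))
    return findings

def audit_resolvers(resolv_conf_text, trusted):
    """Return configured nameservers that are not in the trusted set."""
    rogue = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in trusted:
            rogue.append(fields[1])
    return rogue

# Constructed sample input (documentation-range addresses, example domains).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net        # local block entry
203.0.113.7 www.bank.example  bank.example
"""
SAMPLE_RESOLV = "nameserver 192.0.2.53\nnameserver 198.51.100.66\n"

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(audit_resolvers(SAMPLE_RESOLV, trusted={"192.0.2.53"}))
```

On a real system, pass in the contents of the HOSTS file and the resolver configuration, and set the trusted list to the DNS servers your network or ISP actually assigns. A finding is a prompt to investigate, since administrators sometimes add HOSTS entries on purpose.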