Pharming

Source: Wikipedia, the free encyclopedia.

DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.[citation needed]

The term "pharming" is a

spyware removal software cannot protect against pharming.

Pharming vulnerability at home and work

While malicious domain-name resolution can result from compromises in the large number of trusted nodes involved in a name lookup, the most vulnerable points of compromise are near the leaves of the Internet. For instance, a desktop computer's hosts file, which circumvents name lookup with its own local name-to-IP-address mapping, is a popular target for malware, which writes incorrect entries into it. Once rewritten, a legitimate request for a sensitive website can direct the user to a fraudulent copy. Personal computers such as desktops and laptops are often better targets for pharming because they receive poorer administration than most Internet servers.

More worrisome than host-file attacks is the compromise of a local

ISP). An attacker could specify a DNS server under his control instead of a legitimate one. All subsequent resolutions would go through the bad server.

Alternatively, many routers have the ability to replace their

man in the middle attacks, and traffic logging. Like misconfiguration, the entire LAN is subject to these actions.

By themselves, these pharming approaches have only academic interest. However, the ubiquity of consumer grade wireless routers presents a massive vulnerability. Administrative access can be available wirelessly on most of these devices. Moreover, since these routers often work with their default settings, administrative passwords are commonly unchanged. Even when altered, many are guessed quickly through dictionary attacks, since most consumer grade routers don't introduce timing penalties for incorrect login attempts. Once administrative access is granted, all of the router's settings including the firmware itself may be altered. These attacks are difficult to trace because they occur outside the home or small office and outside the Internet.

Instances of pharming

On 15 January 2005, the domain name for a large New York ISP,

Melbourne IT (now known as "Arq Group") "as a result of a failure of Melbourne IT to obtain express authorization from the registrant in accordance with ICANN's Inter-Registrar Transfer Policy."[1]

In February 2007, a pharming attack affected at least 50 financial companies in the U.S., Europe, and Asia. Attackers created a similar page for each targeted financial company, which requires effort and time. Victims clicked on a specific website that contained malicious code. This website forced consumers' computers to download a Trojan horse. Subsequent login information from any of the targeted financial companies was collected. The number of individuals affected is unknown, but the incident continued for three days.[2]

In January 2008, Symantec reported a drive-by pharming incident, directed against a Mexican bank, in which the DNS settings on a customer's home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting-card company.[3]

Controversy over the use of the term

The term "pharming" has been controversial within the field. At a conference organized by the Anti-Phishing Working Group, Phillip Hallam-Baker denounced the term as "a marketing neologism designed to convince banks to buy a new set of security services".

Notes

  1. The word "pharming" is pronounced as "farm-ing".

References

  1. "ICANN review blames Melb IT for hijack". The Sydney Morning Herald. March 16, 2005.
  2. "Pharming Attack Targeted Bank Customers Worldwide". PCWorld. 2007-02-22. Retrieved 2020-07-24.
  3. Messmer, Ellen (January 22, 2008). "First case of "drive-by pharming" identified in the wild". Network World.