Thursday, November 24, 2011

Pharming – Redirecting website traffic to bogus sites


What is Pharming?

Pharming (pronounced “farming”) is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a “bait” message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.



Pharmers re-direct their victims using one of several ploys. The first method – the one that earned pharming its name – is actually an old attack called DNS cache poisoning. DNS cache poisoning is an attack on the Internet naming system that allows users to enter meaningful names for Web sites (www.mybank.com) rather than a difficult-to-remember series of numbers (192.168.1.1). The naming system relies upon DNS servers to handle the conversion of the letter-based Web site names, which are easily recalled by people, into the machine-understandable digits that whisk users to the Web site of their choice. When a pharmer mounts a successful DNS cache poisoning attack, they are effectively changing the rules of how traffic flows for an entire section of the Internet! The potential widespread impact of pharmers routing a vast number of unsuspecting victims to a series of bogus, hostile Web sites is how these fraudsters earned their name. Phishers drop a couple of lines in the water and wait to see who will take the bait. Pharmers are more like cybercriminals harvesting the Internet at a scale larger than anything seen before.

Pharming example

One of the first known pharming attacks was conducted in early 2005. Instead of taking advantage of a software flaw, the attacker appears to have duped the personnel at an Internet Service Provider into entering the transfer of location from one place to another. Once the original address was moved to the new address, the attacker had effectively “hijacked” the Web site and made the genuine site impossible to reach, embarrassing the victim company and impacting its business. A pharming attack that took place weeks after this incident had more ominous consequences. Using a software flaw as their foothold, pharmers swapped out hundreds of legitimate domain names for those of hostile, bogus Web sites. There were three waves of attacks, two of which attempted to load spyware and adware onto victim machines and the third that appeared to be an attempt to drive users to a Web site selling pills that are often sold through spam email.

read more @ http://us.norton.com/cybercrime/pharming.jsp

_different article_

Pharming – Redirecting website traffic to bogus sites

Most of you would have heard about Phishing. But have you heard about Pharming?

Pharming is just another example of how hackers try to manipulate computer users via the Internet.

Basically, pharming is the act of redirecting a website’s traffic to another, bogus Web site, without the site’s visitors ever knowing it happened. When you want to visit a Web site, you type its domain name into your Web browser and that is then translated into an IP address by means of a DNS server. After all of that goes through, the information is then stored in your computer’s DNS cache.

Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. Hackers then redirect you to a false site, one determined by the hacker.
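A defender can check for the hosts-file variant directly, because any hosts entry for a public site overrides DNS for that name. The following is an added example, not part of either quoted article: it audits hosts-file text and flags entries that pin a watched domain to a fixed address. The function name, the verdict labels and the sample file are assumptions made for illustration.

```python
import ipaddress

# Names that normally appear in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

def audit_hosts(text, watched):
    """Return (line_no, address, name, verdict) for hosts entries worth review.

    watched: domains (e.g. a bank) that should only ever resolve through DNS.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid hosts entry
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            pinned = any(name == d or name.endswith("." + d) for d in watched)
            if pinned and not (addr.is_loopback or addr.is_unspecified):
                verdict = "REDIRECT"   # watched site forced to a fixed address
            elif pinned:
                verdict = "BLOCKED"    # watched site sinkholed locally
            else:
                verdict = "REVIEW"     # any other override of DNS
            findings.append((line_no, str(addr), name, verdict))
    return findings

# Constructed sample hosts file; addresses are from documentation ranges.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.9 www.mybank.com   (commented out, ignored)
203.0.113.9 www.mybank.com login.mybank.com  # added by unknown software
0.0.0.0     ads.example.net
198.51.100.4 intranet.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watched={"mybank.com"}):
        print(finding)
```

To audit a real machine, pass the contents of the system hosts file (/etc/hosts on Linux and macOS, %SystemRoot%\System32\drivers\etc\hosts on Windows) instead of the sample.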


Pharming can also occur as an e-mail virus that can destroy a user’s DNS cache. Other pharmers can ruin whole DNS servers as well. Luckily, most DNS servers have good security features, but that still doesn’t make them immune. So, if you’re on a Web site that looks strange, you may be caught in a pharming incident. If that happens, restart your computer to reset your DNS settings, run your antivirus scan and then try going to the same site again. If it still looks odd, contact your ISP and tell them what’s been going on.

While pharming is not as commonly known as phishing scams, it can still be very dangerous. So, always be on the lookout and keep yourself safe.