Left Slogan
Remote Edging
MoPo | Geek News
Funny Videos Exclusive to MoPo
Funny Picture of the Day
Funny Stuff Found in the MoPo Forum
Fun Flash Games & Animation
MoPo Community Forum
Windows XP Tips
Windows Computer tutorials
Search MoPo
Archive of MoPo | Geek News
 
 
<>


       Video                                     Drivers                                  Forum                                    Tutorials
Windows XP Driver Guide and Vendor Contact List Computer experts help forum Easy to understand Computer tutorials

Web site scams & Pharming "Farming"



What is pharming?
At this point there is no real evidence that a pharming scam exists. However with the recent hype about it, I'm sure that it will be sooner than later.

Definition of Pharming :: Farming or Pharming "will essentially" result of DNS (Domain name server poisoning). If you computer is infected with a "Virus" that poisons your computers DNS system, next time you go do your online banking or visit a secure site such as eBay or Paypal your computer may not be directed to the actual web page, rather to a false "Pharming Page"....Beware....The only thing that these scammers are pharming for is your identity.

Keeping your computers anti-virus software up to date will ultimately help ensure that you never become a victim of pharming.

Phishing "phising - fishing" scams are here and have an incredible similarity to pharming:

View actual e-mail phishing scams from Ebay - Wamu - Paypal and others

Learn more about how to protect yourself from identity theft

Pharming -- a new technique for Internet fraud

-by Fernando de la Cuadra

Hackers appear to have an increasing interest in reaping financial reward from their actions and creations. If, until now, phishing -- using e-mails to lure users into entering data into spoofed online banking Web sites -- was one of the most widespread fraud techniques, 'pharming' now poses an even greater threat.

DNS Poisoning & "Pharming"

Basically, pharming involves interfering with the name resolution process on the Internet. When a user enters an address (such as www.pandasoftware.com) this needs to be converted into a numeric IP address as 62.14.63.187. This is known as name resolution, and the task is performed by DNS (Domain Name System) servers. These servers store tables with the IP address of each domain name. On a smaller scale, in each computer connected to the Internet there is a file that stores a table with the names of servers and IP addresses so that it is not necessary to access the DNS servers for certain server names.

Pharming consists in the name resolution system modification, so that when a user thinks he or she is accessing to bank's Web page, he or she is actually accessing the IP of a spoofed site.

Pharming is the new phishing

Phishing owed its success to social engineering techniques, but since not all users take the phishing bait, its success was limited. Also, each phishing attack was aimed at one specific type of banking service, further reducing the chances of success. Pharming on the other hand, can affect a far greater number of online banking users.

In addition, pharming isn't just a one-off attack, as is the case with phishing e-mails, but remains present on the computer waiting for the user to access the banking services.

Anti-virus will protect against pharming

The solution against this new kind of fraud lies, as ever, in anti-virus security solutions. Pharming attacks depend on an application in the compromised system (this could be an exe file, a script, etc). But before this application can run, obviously it needs to reach the operating system. Code can enter the system through numerous channels; in fact, in as many ways as information can enter the system: via e-mail (the most frequent), Internet downloads, copied directly from CD or floppy, etc. In each of these information entry points, the anti-virus has to detect the file with the malicious code and eliminate it, provided it is registered as a dangerous application in the anti- virus signature file.

Unfortunately, the propagation speed of malware today is head-spinning, and there are more malicious creators offering their source code to the rest of the hacker community to create new variants and propagate even more attacks. The virus laboratories don't have enough time to prepare the malware detection and elimination routines for new malicious code before they start spreading to PCs. Despite the efforts and improvements from virus labs, it is physically impossible for them to prepare an adequate solution in time against some of these threats that can spread in just a few minutes.

The solution against these kinds of threats should not, therefore, depend, at least not in the front line of protection, on a reactive solution based on viral identifier files but rather systems that detect the actions that theses threats carry out. In this way, every time there is an attempted attack on the computer's DNS system (as in the case of pharming applications), the attack is recognized and blocked along with the program carrying out the attack.

However, there is an added danger with pharming, which lies in anonymous proxy servers. Many users want to hide their identity (their IP address) when using the Internet and use online proxy servers so that the connection is made under the server IP and not the client IP. In a worst case scenario, one of these proxy servers could have its name resolution system poisoned so that users trying to access their bank Web site, could actually be viewing a spoofed site, even though their local name resolution system is operating perfectly.

In any event, the threat that pharming poses is a serious one, although one that is easily resolved. Only with systems that can detect and block changes in IP address resolution systems in computers can we hope to prevent the avalanche of malicious code that will soon be upon us.

Fernando de la Cuadra is International Technical Editor at Panda SoftwwarePanda Software. He can be reached at fdelacuadra@pandasoftware.com

© 2003-2005 Grade Computers