Web site scams & Pharming "Farming"
What is pharming?
At this point there is no real evidence that a pharming scam exists. However with the recent hype about it, I'm sure that it will be sooner than later.
Definition of Pharming ::
Farming or Pharming "will essentially" result of DNS (Domain name server poisoning). If you computer is infected with a "Virus" that poisons your computers
DNS system, next time you go do your online banking or visit a secure site such as eBay or Paypal your computer may not be directed to the actual web page, rather to a false "Pharming Page"....Beware....The only thing that these scammers are pharming for is your identity.
Keeping your computers anti-virus software up to date will ultimately help ensure that you never become a victim of pharming.
Phishing "phising - fishing" scams are here and have an incredible similarity to pharming:
View actual e-mail phishing scams from Ebay - Wamu - Paypal and others
Learn more about how to protect yourself from identity theft
Pharming -- a new technique for Internet fraud
-by Fernando de la Cuadra
Hackers appear to have an increasing interest in reaping financial reward from their
actions and creations. If, until now, phishing -- using e-mails to lure users into
entering data into spoofed online banking Web sites -- was one of the most widespread
fraud techniques, 'pharming' now poses an even greater threat.
DNS Poisoning & "Pharming"
Basically, pharming involves interfering with the name resolution process on the Internet.
When a user enters an address (such as www.pandasoftware.com) this needs to be converted
into a numeric IP address as 184.108.40.206. This is known as name resolution, and the task is
performed by DNS (Domain Name System) servers. These servers store tables with the IP address
of each domain name. On a smaller scale, in each computer connected to the Internet there is a
file that stores a table with the names of servers and IP addresses so that it is not necessary
to access the DNS servers for certain server names.
Pharming consists in the name resolution system modification, so that when a user thinks he or
she is accessing to bank's Web page, he or she is actually accessing the IP of a spoofed site.
Pharming is the new phishing
Phishing owed its success to social engineering techniques, but since not all users take the
phishing bait, its success was limited. Also, each phishing attack was aimed at one specific
type of banking service, further reducing the chances of success. Pharming on the other hand,
can affect a far greater number of online banking users.
In addition, pharming isn't just a one-off attack, as is the case with phishing e-mails,
but remains present on the computer waiting for the user to access the banking services.
Anti-virus will protect against pharming
The solution against this new kind of fraud lies, as ever, in anti-virus security solutions.
Pharming attacks depend on an application in the compromised system (this could be an exe file, a script, etc). But before this application can run, obviously it needs to reach the operating system. Code can enter the system through numerous channels; in fact, in as many ways as information can enter the system: via e-mail (the most frequent), Internet downloads, copied directly from CD or floppy, etc. In each of these information entry points, the anti-virus has to detect the file with the malicious code and eliminate it, provided it is registered as a dangerous application in the anti- virus signature file.
Unfortunately, the propagation speed of malware today is head-spinning, and there are more
malicious creators offering their source code to the rest of the hacker community to create
new variants and propagate even more attacks. The virus laboratories don't have enough time
to prepare the malware detection and elimination routines for new malicious code before they
start spreading to PCs. Despite the efforts and improvements from virus labs, it is physically
impossible for them to prepare an adequate solution in time against some of these threats that
can spread in just a few minutes.
The solution against these kinds of threats should not, therefore, depend, at least not in the front
line of protection, on a reactive solution based on viral identifier files but rather systems that
detect the actions that theses threats carry out. In this way, every time there is an attempted attack
on the computer's DNS system (as in the case of pharming applications), the attack is recognized and
blocked along with the program carrying out the attack.
However, there is an added danger with pharming, which lies in anonymous proxy servers. Many users want
to hide their identity (their IP address) when using the Internet and use online proxy servers so that
the connection is made under the server IP and not the client IP. In a worst case scenario, one of these
proxy servers could have its name resolution system poisoned so that users trying to access their bank
Web site, could actually be viewing a spoofed site, even though their local name resolution system is
In any event, the threat that pharming poses is a serious one, although one that is easily resolved.
Only with systems that can detect and block changes in IP address resolution systems in computers can
we hope to prevent the avalanche of malicious code that will soon be upon us.
Fernando de la Cuadra is International Technical Editor at Panda SoftwwarePanda Software. He can be reached at firstname.lastname@example.org