‘Pharming’ Grows As A New Web Threat
Internet has a new genre of crime called 'Pharming' that is growing rapidly, as per Trend Micro Incorporated, specialists in network anti virus & web content security software & services.
In pharming, criminals spoof users to visit proxy servers or spurious websites through the process of hacking Domain Name System (DNS) or cache poisoning. The purpose is same, and that is to steal information or infect the user's machine. Pharming can entice a user to surrender sensitive data such as password or credit card number into a fraudulent website disguising as a legitimate one. Cyber criminals have been successfully committing this crime by using innovative social engineering techniques.
The website, pharming.org explains the distinction between pharming and phishing. While in phishing the attacker requires the user to click on a link in e-mail, this is not necessary in pharming. In that the attacker can redirect the user to a malicious site even if he types correct URL into the address bar of the browser.
Senior sales engineer for Trend Micro Middle East & Africa, Samir Kirouani, in a company press release January 27 2007 divulged, the common medium of web-based attacks are e-mails that contain URLs leading users to fraudulent websites. Other prevalent techniques that Web-based hoaxes use are exploitation of browser security holes that either plant or download malicious code on media files like image, video, animation & audio files. Drive-by downloads or ActiveX controls can force the user either to download or cause automatic installation of a malicious code. Infection of the PC occurs with updates stealthily downloading multiple codes that get around traditional scanners.
The first known pharming attack occurred in the beginning of 2005. In that the attacker fooled employees of an Internet Service Provider into keying in the location transfer from one geographical region to another. When they moved the original address to the new one, the attacker successfully gained control of the site while the genuine website became inaccessible.
The complex and pervasive Web threats pose challenge to information privacy. So, Kirouani believes advanced multi-layered solutions can offset this hurdle.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 02-02-2007