Pharming

Pharming is a fraud technique that is spread over the Internet. It is based on manipulating the DNS requests of web browsers (for example, by DNS spoofing) to redirect the user to spoofed websites. It is an evolution of classic phishing.

Method

Pharming has established itself as a generic term for various types of DNS attacks. One method is the local manipulation of the hosts file. Here, with the help of a Trojan horse or a virus, the system is deliberately manipulated so that it displays fake sites even though the address was entered correctly. Users can thus be led, for example, to deceptively accurate copies of a bank's pages. Up-to-date and properly configured security software (active background guard, active firewall) is meant to prevent such tampering.

Technical Background

To resolve an alphanumeric URL (Internet address) to an IP address, the operating system usually contacts a DNS server. However, each operating system also has an internal list for this purpose, such as the 'hosts' file. Before a DNS server is contacted, the operating system first checks whether the name (or Internet address) is already listed in the hosts file. If so, contacting the DNS server is unnecessary.

In pharming, the website of a bank or similar institution is redirected to another server, either by corrupting the DNS server through DNS flooding (an address resolution is suggested to a computer "on suspicion" before it has queried the real DNS server) or, most easily, by malware that manipulates addresses in the operating system's local hosts file.

Thus the user ends up on the wrong site despite entering the correct URL, without even realizing it.
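The hosts-file manipulation described above can be checked for on a single machine. The following is an added example, not part of the original article: a small Python audit that parses hosts-file text and reports every entry that overrides resolution for a watched domain. The sample file, the domain bank.example and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; all names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# local name overrides
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.bank.example  bank.example   # injected entry
198.51.100.7    intranet.corp.example
0.0.0.0         ads.tracker.example
not-an-ip       login.bank.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None                            # keep malformed lines visible
        # Host names are case-insensitive; a trailing dot means the same name.
        yield line_no, ip, [n.lower().rstrip(".") for n in names]

def audit_hosts(text, watched):
    """Return findings for entries that take a watched domain away from DNS."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            # Match the domain itself or any subdomain, but not "notbank.example".
            if not any(name == w or name.endswith("." + w) for w in watched):
                continue
            if ip is None:
                reason = "malformed address"
            elif ip.is_loopback or ip.is_unspecified:
                reason = "blackholed locally"
            else:
                reason = "resolves locally, DNS bypassed"
            findings.append((line_no, name, str(ip) if ip else None, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["bank.example"]):
        print(finding)
```

Any finding for a banking or payment domain is worth investigating, because such names normally have no reason to appear in a hosts file at all.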

Like phishing, this method reaches only a limited number of recipients, despite the usual distribution of the Trojan through mass e-mails.

The aim of these actions is usually to steal credit card information or similar security-related or sensitive information (such as online discussions).

Especially in targeted attacks on individuals, this form is also used by bureaus that operate illegally. These create complex profiles of the respective target person. Clients use the information gained for risk assessments for insurance companies, staffing, lending and others.

Ways to Detect Pharming

Since pharming attacks are usually carried out in the DNS caches visible to the client or on individual hosts, it helps to query DNS servers from different networks. If the responses match, it is very likely that no pharming attack is present.

In addition, looking up the IP address in a WHOIS database reveals the location, a description of the provider, and the blacklist status.

If purchases are made over the Web or banking transactions are carried out, the page must be "secure", so the address must begin with https://. When data is transmitted via https, the server must authenticate itself with a certificate. Who issued the certificate is stated directly in the certificate, but this information is very easily manipulated. Therefore, you should compare the fingerprint of the certificate with one transmitted by post, for example. The fingerprint is usually an MD5 or SHA1 checksum. If they match, the certificate is genuine. A more convenient method is to have the certificate signed by a trusted third party who has previously verified the authenticity of the certificate. If such a signature is present, the certificate is usually accepted automatically by the browser, or the signature is visible in the certificate details. Many users are vulnerable precisely here, because they ignore warning messages or do not take them seriously.

An https:// at the beginning of the URL guarantees a secure connection only when you can be sure that the certificate is genuine.

The use of special software for electronic banking (e.g., professional cash, VR-NetWorld Software, Moneyplex, WISO, T-Online) can protect against pharming and phishing (this helps in general, but just as virus scanners or firewalls do against these types of attacks).
