What is Pharming?

Introduction

Pharming has nothing to do with pharmaceuticals and everything to do with attackers taking advantage of main Internet computers in order to redirect your Internet Explorer to phony websites that steal your personal or financial information. It can be used to carry out another sinister act called phishing, the process of getting your personal or financial information.

Technical Information

Pharming can be accomplished either on a global scale or a local one. Pharming on a global scale requires the hijacking of special servers on the Internet called DNS servers. Every location on the Internet is assigned a numeric address. This address is called an IP address, and everything connected to the Internet has one. Your banking website has one and so do you. This address is 4 numbers separated by dots. Each of the numbers can range from 1 to 255. You can access the website directly by going to that number. Remembering those numbers would be very hard, so we have come up with a system of assigning those numbers to a name. The Internet's name-to-number translation is handled by the DNS servers.

Pharming has typically been done by exploiting vulnerabilities in the DNS servers on the Internet. If an attacker can change the IP address that the URL resolves to, he or she can aim you at a counterfeit website. Pharming can also be done through fraudulent communication with the domain registrar: the attacker persuades the registrar to change the DNS numbers so that they point to the fraudulent website. In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point users to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.

Each individual computer also has a little list that works like a DNS server. This list can also be hijacked to make you think that you're at your banking website when you're not. This kind of hijacking is invisible and cannot be detected by anyone other than a qualified technician. Please have your computer checked on a regular basis for hijacking of this type.
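The "little list" described above is the operating system's hosts file. The following Python sketch is an added example, not part of the original article: it shows the kind of check a technician would run, flagging any entry that forces a watched domain to a non-local address. The sample file contents, the bank domain and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of a local hosts file; addresses come from documentation
# ranges and "examplebank.com" is a hypothetical domain.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example.lan    # ordinary local override
203.0.113.45    www.examplebank.com examplebank.com
0.0.0.0         ads.example.net         # block entry, not a redirect
203.0.113.45    LOGIN.ExampleBank.com
not-an-ip       www.examplebank.com
"""

# Hypothetical watchlist: domains that should never be overridden locally.
WATCHED = {"examplebank.com"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed entry."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        yield n, ip, [f.lower().rstrip(".") for f in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, hostname, ip) for watched names sent to a real address."""
    findings = []
    for n, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                            # breaks the site, does not redirect it
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((n, name, str(ip)))
    return findings

if __name__ == "__main__":
    for line_no, name, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}")
```

To check a real machine, pass the contents of its hosts file to `suspicious_entries` with your own list of watched domains.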

Method of Infection

Typically, you may not know if you have been redirected to a fake website. If the hijacking has occurred at the DNS server level, there's nothing you can do about it until the problem has been corrected by the owners of the DNS server. Infections at a local level come from downloading software from unknown sources and opening attachments to emails that are executable programs. (See: How not to get an email virus)

Detection

If you sense that a popular website you always use is asking you to re-enter your information or asking for information it already has, you should avoid it and phone them for more information. For local attacks, have your computer checked regularly by a qualified technician.

Summary

You should always be aware of your favorite websites and how they work. If the appearance of your favorite websites ever changes without notice, or if they are asking for personal information again, be aware that it may be an attempt to obtain your personal data and you should contact the institution by phone.