A New Security Threat - Pharming

©2005-2006 US Netizen

What is Pharming?
As with phishing, the ultimate purpose is to separate you from your money.

How does Pharming Work?

Pharmers have two main ways of operating: directly on users' computers, or on the domain name servers that resolve Web site addresses for users.

In the first method, as in phishing, pharmers send e-mails asking users to update their account information. The difference from phishing is that the e-mail contains a virus that installs small software programs on users' computers. When a user tries to go to the bank's real Web site, the program redirects the browser to the pharmer's fake site. The fake site then asks the user to update information such as logons, PIN codes or other sensitive information. Savvy users who do not click on the links in the e-mail are still subject to this attack, because it uses a virus to direct the browser to the scammer's website.

The pharmers' second method takes advantage of the fact that Web sites have alphanumeric names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System (DNS) servers read the name, look up its numeric address and take users to the site. Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address within the DNS server. This technique can only be stopped at the server, and there is little that the end user can do.

Here are recent examples of pharming in action: "Hushmail gets Pharmed" and "Online Bank gets Pharmed".

A more recent example showed that a webserver running Apache was compromised. In this example, links to the website as shown in searches on Google, Yahoo, and MSN sometimes directed the user to a Russian website that attempted to collect money from the user.

Pharming is like planting seeds of malicious viruses. As users are later directed to the fake site, the pharmers harvest the sensitive information.
How to Avoid Pharming

The virus-based method of pharming is stopped by maintaining up-to-date antivirus, antispyware, and firewalls on your computer. This will greatly reduce the possibility that a virus will redirect you to the malicious web site.

Additionally, be careful when entering sensitive information on a website. Look for the lock

A list of popular financial sites that use a secure page for logins is maintained on pharming.org. They also have a shocking list of financial sites that use an unsecure login page. To use this type of site, do not enter your username and password on the unsecure login page. Instead, just click login and you should get an error on a secure page telling you that you forgot your username or password. Verify that the error page is secure

Threat Assessment

Until recently, it appeared that the server-based portion of pharming affected only Windows servers. The main method of altering the DNS records is through "DNS poisoning", which is a known vulnerability on Windows servers. A patch is available for Windows NT4 and Windows 2000 servers. Windows 2003 servers are not vulnerable. Server operators should refer to this Microsoft article on "DNS cache pollution."

The February 2006 example of cache poisoning on an Apache server indicates that the threat of pharming could grow [pun not intended].
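The DNS-based method described above changes the numeric address a server returns for a name, so one server-side check is to compare the answers several resolvers give for the same name against the networks the real site is known to use. The following is an added example, not part of the original article; the hostname, resolver names and addresses are constructed placeholders, and collecting the answers from live resolvers is assumed to happen elsewhere.

```python
import ipaddress

# Constructed sample data. Addresses come from the RFC 5737 documentation
# ranges; "bank.example" and the resolver names are placeholders.
PINNED = {"bank.example": ["192.0.2.0/24"]}
ANSWERS = {
    "resolver-a": {"bank.example": ["192.0.2.10"]},
    "resolver-b": {"bank.example": ["192.0.2.10", "192.0.2.11"]},
    "resolver-c": {"bank.example": ["203.0.113.66"]},  # stands in for a poisoned cache
}


def check_name(name, answers, pinned):
    """Return (resolver, address, reason) findings for one hostname."""
    nets = [ipaddress.ip_network(n) for n in pinned.get(name, [])]
    sets = {r: {ipaddress.ip_address(a) for a in t.get(name, [])}
            for r, t in answers.items()}
    findings = []
    for resolver, addrs in sorted(sets.items()):
        if not addrs:
            findings.append((resolver, None, "no-answer"))
            continue
        if nets:
            # Pinned case: every address must fall inside a known-good network.
            for a in sorted(addrs, key=str):
                if not any(a in n for n in nets):
                    findings.append((resolver, str(a), "outside-pinned-range"))
        else:
            # Unpinned case: flag a resolver that shares no address with any
            # peer. Weaker signal: CDNs and geo-DNS can also cause this.
            peers = set().union(*(s for r, s in sets.items() if r != resolver))
            if peers and addrs.isdisjoint(peers):
                for a in sorted(addrs, key=str):
                    findings.append((resolver, str(a), "disagrees-with-all-peers"))
    return findings


if __name__ == "__main__":
    for finding in check_name("bank.example", ANSWERS, PINNED):
        print(finding)
```

A finding is a reason to inspect that resolver's cache and its patch level, not proof of poisoning on its own.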
© 2004-2008 USNetizen, P.O. Box 1452, Helena, MT, 59624