What’s Pharming?


Pharming redirects users to fraudulent websites without decoy messages, while phishing requires user action. Pharming can be achieved through compromised DNS servers or routers, potentially leading to the installation of malicious software or the collection of private information. Antivirus and firewall programs cannot protect against pharming attacks.

Pharming is a type of Internet fraud in which an attempt is made to redirect Internet users from legitimate websites to fraudulent or potentially harmful sites. It is somewhat similar to “phishing,” in which a person is sent an email or other type of “bait” message in an attempt to get that person to click on a link in the email. This link directs him to a fake website that looks like a legitimate one in the hope that he will enter sensitive or private information which is then collected by the malicious website. Pharming, however, attempts to redirect computer users to fraudulent websites without any kind of decoy message or other user action.

While both types of fraud seek to direct a computer user to a malicious website where private information can be gathered, phishing requires a user to click a link or otherwise be actively directed to the fraudulent website. Pharming attacks instead seek to corrupt the process by which a person reaches websites, so that the person is redirected to a malicious website without knowing that an attack is occurring. This is mainly achieved by one of two methods: via a compromised Domain Name System (DNS) server or via a compromised router or network.

Potentially the most devastating type of pharming attack involves the corruption, or “poisoning,” of a DNS server. DNS servers direct Internet users to websites by converting textual hostnames such as www.wisegeek.com into numerical Internet Protocol (IP) addresses that the servers recognize. This process allows a user to type in an easily memorable hostname and be correctly directed to a site that actually has a numerical address on the Internet.

By poisoning a DNS server, a pharming attack would allow an attacker to redirect large numbers of users from the legitimate website to a malicious website, without the users ever realizing that an attack has occurred. Users would have typed the correct hostname but would have been directed by the infected DNS server to the IP address of the malicious website. This website may then install malicious software on users’ computers or simply appear legitimate and wait for users to enter private information for fraudulent purposes.

A router or other type of networking hardware can also be used as part of a pharming attack. This could be achieved through malicious software that rewrites the firmware built into the device. Firmware is software installed within a device itself, such as a router, that manages the device’s basic functions independently of other hardware or software used with it.

In routers and network servers, this firmware usually includes settings that specify which DNS server the system should use. A pharming attack could potentially change this firmware to point to a DNS server that is controlled by the person coordinating the attack or that has already been poisoned. Unfortunately, antivirus and firewall programs cannot protect users from pharming attacks, and more sophisticated programs are usually required to protect network servers and routers.
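A defensive check for the two methods described above, as an added example that is not part of the original article: it flags resolver addresses that differ from the ones an administrator expects, and hostnames whose answers from one resolver share nothing with a trusted resolver's answers. All addresses, hostnames and function names are constructed for illustration, and the answer sets are embedded rather than queried live.

```python
import ipaddress

# Constructed sample: resolver settings as a host might receive them from a router.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.66
search example.internal
"""
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}  # assumed admin allowlist

# Constructed sample: A records each resolver returned for the same hostname.
SAMPLE_ANSWERS = {
    "192.0.2.53": {"www.example.com": {"198.51.100.10", "198.51.100.11"}},
    "203.0.113.66": {"www.example.com": {"203.0.113.200"}},
}

def parse_nameservers(text):
    """Return the valid nameserver IPs listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # skip malformed entries instead of trusting them
    return servers

def unexpected_resolvers(text, expected):
    """Resolvers in use that are not on the allowlist (possible router tampering)."""
    return [s for s in parse_nameservers(text) if s not in expected]

def divergent_answers(answers_by_resolver, trusted):
    """List (resolver, host, ips) where the answers share no IP with the trusted resolver."""
    baseline = answers_by_resolver[trusted]
    findings = []
    for resolver, answers in answers_by_resolver.items():
        if resolver == trusted:
            continue
        for host, ips in answers.items():
            ref = baseline.get(host)
            if ref is not None and not (ips & ref):
                findings.append((resolver, host, sorted(ips)))
    return findings
```

Disjoint answers are a reason to investigate rather than proof of poisoning, because content delivery networks legitimately return different addresses to different resolvers.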



