Monday, June 25, 2007


What is Pharming?

Pharming has been called the ‘next generation’ of Phishing. Phishing requires a person to respond to a phoney e-mail in order to be taken to an illegitimate site; in Pharming, the targeted person need not respond to anything—he or she is automatically whisked to the illegitimate site.

How does Pharming work?

Pharmers use ‘DNS poisoning’, or domain hijacks, to redirect users to illegitimate URLs in an attempt to gather personal data. DNS Poisoning is when your DNS files are ‘poisoned’ with bad information. So, for example, if you have a record that points to a trusted host, a hacker with malicious intent can change it and point you in a different direction.

Domain hijacking is when a hacker takes over a domain name illegally and directs traffic coming to that domain to wherever he wants to take it. Both methods can be used to direct users to fake Web sites that look like legitimate ones, and make users disclose personal information.

When did Pharming first appear on the scene?

Pharming is simply a new application of well-known security weaknesses. There is no ‘first Pharming attack ever’.

Who pharms?

Pharmers are the same kind of identity thieves who used techniques such as Phishing. Pharming is more sophisticated because it does not require the intervention of the user!

Where have I seen an instance of Pharming?

The recent hijack of New York ISP Panix is typical of the type of threat that might emerge—such a domain hijack could well be the first step in a Pharming attack.


step in a Pharming attack.

No comments: