A new internet security product is offering protection against
pharming, a variation on phishing that takes advantage of
vulnerabilities in web browsers to redirect users to fake web
sites, even when they type the correct internet address into their
browsers.
Unlike phishing, pharming does not rely on the victim taking
an action, such as clicking on a link in a bogus e-mail, to trigger
an attack. It is also very difficult for victims to detect – until
they discover an unexpected hole in their finances, or a black mark
on their credit rating.
There are two types of pharming attack. One corrupts local
Domain Name System (DNS) servers at the network level
and the other corrupts a PC's Host file at the
individual level.
When a user types a URL, such as www.google.com,
into their internet browser, a request goes to a local
DNS server, which then locates the registered
IP (internet protocol) address for that web server.
This exchange is the weak link in the internet's infrastructure.
When a pharmer poisons a DNS server, he changes the
IP address for the domain and sends visitors to a
completely different web site, usually without their
knowledge.
To understand this process, think of an IP address as a
person's phone number. Similarly, a DNS server would be
equivalent to a phone book, which looks up the web
site's name and produces the IP address. In a pharming
attack, the pharmer simply changes the phone numbers in the phone
book and leads users to counterfeit web sites.
This is also the case with Host file pharming attacks. In
addition to corrupting the DNS server, pharmers can
corrupt the Host file on a user's PC. The Host file is
another phone book that translates the web site's URL
into a numeric code. When a pharmer changes the information on a
user's Host file, they change the IP address for a
domain and send the visitor to the false site. The user usually has
no idea the host file has been changed, nor does the average user
know how to check their host file.
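For readers who want to check a host file themselves, the following is an added example, not part of the original article and not Anonymizer's software: a Python script that parses host-file text and reports entries that override normal DNS lookups. The sample file contents, the domain examplebank.test and the watchlist are constructed for illustration.

```python
import ipaddress

# Names a stock host file normally defines; these are not reported.
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}

# Constructed sample input (documentation addresses, made-up domains).
SAMPLE_HOSTS = """\
# constructed sample host file
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.example.net          # local sinkhole entry
203.0.113.7  www.examplebank.test login.examplebank.test
198.51.100.9 intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in host-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if len(fields) < 2:
            continue                            # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:                 # one line may map many names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=()):
    """Return (line_no, hostname, ip, reason) for entries worth reviewing."""
    watch = {d.lower() for d in watchlist}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in EXPECTED_NAMES:
            continue
        if any(name == d or name.endswith("." + d) for d in watch):
            reason = "watched domain is overridden locally"
        elif ip.is_loopback or ip.is_unspecified:
            continue                            # sinkholed name, not a redirect
        else:
            reason = "name is answered from the host file instead of DNS"
        findings.append((line_no, name, str(ip), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["examplebank.test"]):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, pass the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows) to `audit_hosts` along with the domains of the banks and shops you use.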
Unfortunately, users cannot tell that they have been a victim
of a pharming attack by simply looking at the URL in their internet
browsers. In fact, the URL and the site itself will
most likely look legitimate to site visitors.
San Diego-based Anonymizer Inc. believes that it has a
solution: proactively defending users against pharming attacks by
routing all customer internet traffic through Anonymizer's
protected DNS servers, which are secured against all
known instances of pharming attacks.
Anonymizer says its on-line identity protection solutions
intercept all browser requests before returning the page to the end
user. Because the user's host file is never accessed,
people using Anonymizer are protected from these vicious
attacks.
"The rise of on-line shopping, internet banking and electronic
bill paying has created a large target for criminals to capture
login information, credit card numbers, and more," said Lee
Itzhaki, director of product management at Anonymizer.
"While the industry is scrambling to develop tools to combat
pharming attacks, Anonymizer's sophisticated network-based security
model allows us to adapt to a variety of new threats in near
real-time without any changes to the user's software or systems.
This proactive protection enables consumers to defend themselves
against increasingly sophisticated threats and to continue to enjoy
the convenience of the internet without fear of having their
identities stolen or compromised," he concluded.