Pharming
- For pharming in genetics, see pharming (genetics). For pharming in drug abuse, see pharming parties.
Pharming is a hacker's attack aiming to redirect a website's traffic to another (bogus) website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses — they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play on farming and phishing. The term phishing refers to social engineering attacks to obtain access credentials such as user names and passwords. In recent years both pharming and phishing have been used to steal identity information. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming. Pharming is becoming the attack du jour of today's hackers
Instances of pharming
In 2004, eBay.de was hijacked by a German teenager.
In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a site in Australia. No financial losses are known.
Controversy over the use of the term
The term pharming is controversial within the field. At a conference organized by the Anti-Phishing Working Group, Phillip Hallam-Baker denounced the term as "a marketing neologism designed to convince banks to buy a new set of security services." There are no known instances of pharming causing financial loss.
See also
References
- ^ A. Juels and M. Jakobsson and S. Stamm. "Active Cookies for Browser Authentication".
- ^ "Can You Trust a Wireless Router?". Indiana University Bloomington. February 24, 2006.
- "Security: Phishing and Pharming". Windows IT Pro Magazine. June 22, 2005.
- "How Can We Stop Phishing and Pharming Scams?". CSO Magazine. July 20, 2005.
External links
- ZD Net Article "Alarm over "Pharming" Attacks
- Wired News: Pharming Out-Scams Phishing
- Network World Article on New Anti-Pharming Technology
- eWeek article on the Hushmail.com DNS pharming attack
- pharming.org: Describes current state of the art in solutions to the pharming problem, and also has a list of sites that are and are not Pharming Conscious (PhC)
- After Phishing? Pharming!