Farming or "Pharming?"

A pharming attack is where a user attempts to browse to a legitimate web site and is instead redirect to a malicious web site that impersonates the real site. Ultimately allowing the malicious web site to steal information entered by the unsuspecting user. There are three primary forms of Pharming attacks.

DNS Poisoning

This type of attack is where dns servers are compromised and modified to advertise improper IP addresses. When a user types in a url such as www.tracesecurity.com, that name is resolved via DNS to an IP address. The IP address in turn tells your computer how to reach the web site being requested. If a DNS server can be compromised to send a different IP address instead of the real one, when the user types the url www.tracesecurity.com they will instead be sent to a malicious web site.

SpyWare

Spyware has been around for a number of years but has become a common way for legitimate and malicious parties to gain information about your computer habits. Though some forms of spyware are legal, malicious code can be used to modify your computer to go to sites other then you requested. A simple example is a modification to the .host. file on your computer. Most computers have this file though it is rarely modified. If an entry is put into the host file to resolve the domain www.tracesecurity.com to an IP address of 10.1.1.1, then when a user attempts to browse to that url, their computer will use the entry from the host file rather then performing a DNS lookup. Since spyware can be loaded onto your computer through web browsing or applications downloaded via the internet, it is difficult to defend against.

Search Engine poisoning

When a user goes to a search engine such as Google and types in an organization name, they make the assumption that the responses that are generated will probably relate back to that domain. However, malicious individuals have started creating web sites that mimic legitimate web sites and have gotten their information published into these search engines. Ultimately when a user types in an organization name, the malicious web site might end up being listed above the legitimate web site. If the malicious web sites looks like the real web site, the user will have no idea they are not where they assume they are. In addition, many users attempt to simply guess the url for the organization they are looking for. Malicious sites can be registered with domains very similar to the legitimate web sites.

For more information on how to protect yourself from this type of malicious attack, visit www.tracesecurity.com .