Saturday, September 17, 2005

Pharming Attacks.....Beware!!!

Pharming is a very popular type of network attack among hackers. Let me explain the process in brief.

  1. The hacker looks for a web page from where he wants to get details. Typically it will be a bank’s website.

  2. By viewing the source code of the web page (View > Source) in Internet Explorer, he recreates a similar web page.

  3. Then, he looks at the DNS (Domain Name System) table of the ISP (Internet Service Provider). He gets the list of IP addresses for the different websites and searches for the website he wants to spoof.

  4. Now, in the DNS table, he changes the IP address of the website to point to his own server’s IP address. E.g., if he wants to spoof yahoo.com, he changes yahoo’s IP to his own IP.

  5. Whenever a user accesses the site by typing yahoo.com, the DNS now redirects him to the hacker’s system. Since the hacker has recreated a similar page, the end user believes that he has come to the correct page. Now he gives his user id and password to log in to the site, and what happens? The website shows an error, and by this time the user has lost his user id and password to the world.
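Steps 4 and 5 only work if the resolver hands out an address that does not belong to the real site, and that is something a defender can check for. The Python code below is an added example, not part of the original post: it compares the answers a resolver returns against a recorded baseline of known-good networks. The hostnames, address ranges and function names are made up for the illustration.

```python
import ipaddress

# Assumed known-good networks per hostname (constructed values from the
# documentation address ranges, not any real site's addresses).
EXPECTED_NETWORKS = {"bank.example": ["192.0.2.0/24", "2001:db8:10::/48"]}

# Constructed sample: (hostname, answers from the resolver under test).
SAMPLE_ANSWERS = [
    ("bank.example", ["192.0.2.10", "2001:db8:10::5"]),
    ("Bank.Example.", ["192.0.2.10", "203.0.113.66"]),  # one foreign address
    ("other.example", ["203.0.113.7"]),                 # no baseline recorded
    ("bank.example", []),                               # empty answer
]


def check_answers(hostname, answers, expected=EXPECTED_NETWORKS):
    """Return (verdict, offending_answers) for one DNS response."""
    name = hostname.rstrip(".").lower()  # DNS names are case-insensitive
    if name not in expected:
        return ("unknown", [])
    if not answers:
        return ("no-answer", [])
    networks = [ipaddress.ip_network(n) for n in expected[name]]
    offending = []
    for raw in answers:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            offending.append(raw)  # not an IP address at all
            continue
        if not any(addr.version == n.version and addr in n for n in networks):
            offending.append(raw)
    return ("mismatch" if offending else "ok", offending)


def audit(observations, expected=EXPECTED_NETWORKS):
    """Return the observations that need a human to look at them."""
    alerts = []
    for hostname, answers in observations:
        verdict, offending = check_answers(hostname, answers, expected)
        if verdict in ("mismatch", "no-answer"):
            alerts.append((hostname, verdict, offending))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_ANSWERS):
        print(alert)
```

The baseline holds networks rather than single addresses because a site can legitimately answer with different addresses from the same range; a single foreign address among good ones still counts as a mismatch.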

Prevention is better than cure

  1. Banks and other institutions which take data such as user id and password often put up a notice on their site saying that they never ask for other details.

  2. For the users: please be careful. Have a look at the URL each time you visit the site. If it differs, cross-check by sending a mail or calling them up. Most probably the mail won’t be replied to, because the hacker’s IP won’t have a mail server.

  3. Check whether the website’s certificate is from an authorized agent. Most hackers don’t have a proper certificate. For this, see whether you have a small eye icon on the status bar of the internet browser (Internet Explorer, Firefox, Opera etc.).

  4. Double-click on it to see the certificate. Or better still, don’t use the internet :-). That way, you can remain safe forever.