Saturday, February 24, 2007

Pharming and Drive By Pharming

We've all heard of phishing, and many are familiar with the term. Now, what is pharming, and how does it affect you and me?

What is pharming?
In the simplest terms, pharming is the process of attacking a person's computer so that the computer "goes" to a website that is not the real one, by modifying the name-to-IP resolution mechanisms it relies on, such as DNS, the hosts file and others. (Wiki: http://en.wikipedia.org/wiki/Pharming)

How does it affect me?
It could lead you to a website that looks and feels like the original one (for example, a pharmed Public Bank Online, http://www.pbebank.com) but is actually served from my own little webserver on my funky Vista OS. Only one's imagination limits what further damage this can cause.

What is drive-by pharming?
Like pharming, drive-by pharming is an attempt to log in to your edge devices (your TMNet router, your Netscreen, ZyXEL or Cisco routers) using a dictionary of common default passwords, run by a script embedded in a web page you visit. Once the attacker has access, settings on the router such as its DNS servers can be changed to point at the attacker's DNS, which effectively exposes you to a pharming attack.

How to find out/mitigate?
While it may be quite difficult to know whether your computer has been pharmed with malicious internet addresses, it is easy to tell whether the website you've reached is legitimate. Gmail, for example, presents a valid SSL certificate that your browser accepts without complaint, whereas a fake Gmail certificate will raise an alert in your browser. At the end of the day, it comes down to your conscious decision to access, or not access, these sites.
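Since the post says it is hard to tell whether a machine has been pharmed, here is an added example (not from the original post) of the kind of check a user or admin can run: it parses hosts-file text and flags any entry that pins a bank or webmail domain to a static address, any entry that redirects a name to a non-loopback address, and any configured DNS resolver that is not on a known-good list. The sample hosts content, the watched domains and the resolver lists are constructed for illustration; the only real value is the Windows hosts-file path.

```python
import ipaddress
import sys

# Constructed sample hosts-file content for demonstration (not a real capture).
# Two bank/webmail names are pinned to addresses from documentation ranges.
SAMPLE_HOSTS = """
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.55      www.pbebank.com pbebank.com
198.51.100.7    mail.google.com
127.0.0.1       adserver.example
"""

# Names that should only ever be reached through normal DNS resolution.
# A legitimate hosts file has no reason to override a bank's or webmail's records.
WATCHED_DOMAINS = {"www.pbebank.com", "pbebank.com", "mail.google.com", "www.google.com"}

# Default location of the hosts file on Windows (XP/Vista).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blanks.
    Hostnames are lower-cased so matching against WATCHED_DOMAINS is case-insensitive."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def find_pharmed_entries(text, watched=WATCHED_DOMAINS):
    """Return every hosts entry that statically maps a watched domain, whatever the address."""
    return [(ip, name) for ip, name in parse_hosts(text) if name in watched]


def find_nonlocal_overrides(text):
    """Return entries whose address is neither loopback nor unspecified.
    Loopback mappings are the usual benign ad-blocking trick; anything else sends
    real traffic to another machine and deserves a look. Malformed addresses are
    flagged too, since a correct hosts file never contains them."""
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, name))
    return flagged


def check_dns_servers(configured, allowed):
    """Return configured resolver addresses that are not on the allowlist.
    `configured` is what the PC or router reports; `allowed` is your ISP's or
    corporate resolvers. Anything else is a sign the settings were changed."""
    allowed_set = set(allowed)
    return [server for server in configured if server not in allowed_set]


if __name__ == "__main__":
    # Read the real hosts file if a path is given, otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            hosts_text = fh.read()
    else:
        hosts_text = SAMPLE_HOSTS
    for ip, name in find_pharmed_entries(hosts_text):
        print(f"WATCHED DOMAIN PINNED: {name} -> {ip}")
    for ip, name in find_nonlocal_overrides(hosts_text):
        print(f"NON-LOCAL OVERRIDE:    {name} -> {ip}")
    # Constructed resolver lists: one configured server is not on the allowlist.
    for server in check_dns_servers(["192.0.2.53", "203.0.113.1"], ["203.0.113.1", "203.0.113.2"]):
        print(f"UNEXPECTED DNS SERVER: {server}")
```

Run it with no arguments to see the constructed sample flagged, or pass the hosts-file path (WINDOWS_HOSTS_PATH on Windows, /etc/hosts elsewhere) to inspect a real machine. The resolver list has to be filled in from ipconfig /all or the router's status page, since a hosts file says nothing about which DNS servers are in use.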

Also, be sure to keep your antivirus software updated, and run Internet Explorer 7, Firefox 2 or Opera 9, which are intelligent enough to warn you when a certificate is invalid or a link looks suspicious. Vista, for one, does not allow the hosts file to be accessed or overwritten either.

Use strong passwords on edge devices, routers and modems, use strong AES on wireless, and use them on your Windows OS too!!!!

Get professional help if you are in doubt.

Is this for real and do-able? (No Frank, not the do-able we always do ratings on)
Yeah, sure. Check out how 80 of Cisco devices can be pharmed; read this article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011588