[MSM Hobbes]

Searched TSG for this term "pharming" w/o receiving any hits, so in case I or the search engine missed this, my apologies. There may be other threads/posts pertaining to this or similar attacks on security, maybe termed spoofing or some other related term. However, if one searches for pharming, here ya go... Nevertheless, in case anyone is not yet aware, or unfamiliar w/ this particular term, there is a potential very serious issue creeping across our friendly internet browsing .

Pharming is for the most part where you type in a web address using letters, hit go, but are then directed to a very similar looking site, yet one that is actually home to crooks, that will then capture your data that you enter [such as account numbers, passwords, etc.] to be used in their devious ways.

These links provide much better discussion, history, and words of advice:
http://reviews.cnet.com/4520-3513_7-...ml?tag=nl.e497

Quote:

Hopefully, we've all become wise to phishing attacks, so named because they cast the bait (via e-mail) and if you bite, they can lure your personal information out of you. These scams are now fairly recognizable and usually arrive as a note from a bank asking you to go to its site (link provided, of course) to reenter your most personal information. The fact that a bank wouldn't really need your mother's maiden name might tip you off. Most likely, though, you spot the misspellings in this bogus e-mail, or you're otherwise savvy to the identity theft scam and immediately trash these messages unread. So what if I told you phishing is just kid stuff compared to what's coming next?

The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves.
In January, I started hearing about these new "pharming" attacks, a supposed successor to the now familiar e-mail phishing attacks. Gerhard Eschelbeck, CTO of Qualys, a vulnerability management company, told me recently that pharming is simply a new name for a relatively old concept: domain spoofing. Rather than spamming you with e-mail requests, pharmers work quietly in the background, "poisoning" your local DNS server by redirecting your Web request somewhere else. As far as your browser's concerned, you're connected to the right site. The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves. ...more...

http://www.eweek.com/article2/0,1759,1758874,00.asp

Quote:

You probably think you're pretty safe from phishing attacks, right? After all, how difficult is it to ignore a "security warning" from a bank you don't do business with? Or a non-grammatical message purportedly from PayPal that says your account is about to be turned off? I've avoided those scams and even bogus messages "from" banks I actually do business with. Why do they want this information from me? They've lost my password? Sure they have.

Still, not everyone is as smart—make that cynical—as you and I. So phishing is likely to be one of the biggest threats to computer users during 2005 and probably for years to come. Spam, which is merely annoying, doesn't start to compare to full-bore identity theft thanks to entering personal information in the wrong place.

Like most people do, I sometimes enter personal information online. I do this when I go to Web sites. The most extensive information goes to e-stores where I want to shop. And also like most people, I count on Amazon.com or wherever I'm shopping to answer when I type in their URL and press the enter key. I believe I am entering information in the "right" place and so far, as best I can tell, it always has been. eWEEK.com Special Report: Browser Security

Not so fast, warns my friend Scott Chasin, CTO at MX Logic, a Denver-based messaging and anti-spam company. Scott has identified a new threat that he's calling "pharming." If the current method is "Phishing for dummies" (because the victims ought to know better), Scott's new threat is "Pharming for geniuses" because most victims—even smart ones—might have no idea that they were being scammed. At least not until it's too late. ...more...

http://www.wired.com/news/infostruct...,66853,00.html

Quote:

First came phishing scams, in which con artists hooked unwary internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims.

Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.

"Phishing is to pharming what a guy with a rod and a reel is to a Russian trawler. Phishers have to approach their targets one by one. Pharmers can scoop up many victims in a single pass," said Chris Risley, president and chief executive officer of Nominum, a provider of IP address infrastructure technology for businesses.

E-mailed viruses that rewrite local host files on individual PCs, like the Banker Trojan, have been used to conduct smaller-scale pharming attacks. Host files convert standard URLs into the numeric strings a computer understands. A computer with a compromised host file will go to the wrong website even if a user types in the correct URL.

The most alarming pharming threat is DNS poisoning, which can cause a large group of users to be herded to bogus sites. DNS -- the domain name system -- translates web and e-mail addresses into numerical strings, acting as a sort of telephone directory for the internet. If a DNS directory is "poisoned" -- altered to contain false information regarding which web address is associated with what numeric string -- users can be silently shuttled to a bogus website even if they type in the correct URL.

"DNS poisoning has been around for over a decade now," said Gregg Mastoras, senior security analyst at Sophos. "Many would argue that the DNS system we all depend so heavily on has inherent design vulnerabilities, and because of the initial design flaws there have been a variety of methods used to create successful attacks.

"So while DNS poisoning is not new, the dramatic rise of phishing, and more importantly the complexity of the new pharming attacks, is cause for some concern," Mastoras said. ...more...

http://www.it-observer.com/articles.php?id=651

Quote:

Hackers appear to have an increasing interest in reaping financial reward from their actions and creations. If until now, phishing - using emails to lure users into entering data into spoofed online banking websites - was one of the most widespread fraud techniques, 'pharming' now poses an even greater threat.

Basically, pharming involves interfering with the name resolution process on the Internet. When a user enters an address (such as www.pandasoftware.com) this needs to be converted into a numeric IP address as 62.14.63.187. This is known as name resolution, and the task is performed by DNS (Domain Name System) servers. These servers store tables with the IP address of each domain name. On a smaller scale, in each computer connected to the Internet there is a file that stores a table with the names of servers and IP addresses so that it is not necessary to access the DNS servers for certain server names.

Pharming consists in the name resolution system modification, so that when a user thinks he or she is accessing to bank's web page, he or she is actually accessing the IP of a spoofed site.
Phishing owed its success to social engineering techniques, despite that not all users take the phishing bait, and so this success was limited. Also, each phishing attack was aimed at one specific type of banking service, further reducing the chances of success. Pharming on the other hand, can affect a far greater number of online banking users.

In addition, pharming isn't just a one-off attack, as is the case with phishing emails, but remains present on the computer waiting for the user to access the banking services. ...more...

Of course, there are many other sites w/ additional info, but the above give a good flavour of what is going on. A few other posts/threads mention SpoofStick, an extension available for both IE and FF, but as part of this post will also include links to combine the bad of above w/ the good of this:
http://www.corestreet.com/spoofstick/
http://www.pcworld.com/downloads/fil...d,23319,00.asp
http://www.jarnot.com/mt/archives/20...ox_spoof_s.php

BTW, when clicking on the link at the bottom of http://www.corestreet.com/spoofstick/firefox.html, I was redirected to a spoofed site itself! And no, I don't know where Elvis is either...

[Alan18]

Bump