September 17th, 2005
Pharming is a very popular type of network attack among hackers. Let me explain the process in brief.
- The hacker looks for a web page from where he wants to get details. Typically it will be a bank’s website.
- By viewing the source code of the web page (View > Source) in Internet Explorer, he recreates a similar web page.
- Then, he looks at the DNS (Domain Name System) table of the ISP (Internet Service Provider). He gets the list of IP addresses for the different websites & searches for the website he wants to spoof.
- Now, in the DNS table, he changes the IP address of the website to his own server’s IP address. E.g.: if he wants to spoof yahoo.com, he changes yahoo’s IP to his own IP.
- Whenever a user accesses the site by typing yahoo.com, the DNS now redirects him to the hacker’s system. Since the hacker has recreated a similar page, the end user believes that he has come to the correct page. Now, he gives his user id and password to log in to the site, and what happens now? The website shows an error, and by this time the user has lost his user id & password to the world.
Prevention is better than cure
- Banks & other institutions which take data such as user id & password often put up a notice on their site saying that they never ask for other details.
- For the users, please be careful. Have a look at the URL each time you visit the site. If it differs, cross-check by sending a mail or calling them up. Most probably, the mail won’t be replied to, because the hacker’s IP won’t have a mail server.
- Check whether the website’s certificate is from an authorized agent. Most hackers don’t have a proper certificate. For this, see whether you have a small eye icon on the status bar of the internet browser (Internet Explorer, Firefox, Opera etc.).
- Double click on it to see the certificate. Or better still, don’t use the internet :-). That way, you can remain safe forever.
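
The DNS-table change described above can also be caught from the defender's side, by comparing what several resolvers return for the same name. This Python code is an added example, not part of the original post; the domain `bank.example`, the resolver names, the addresses (documentation ranges) and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: networks the real site is known to publish from
# (documentation ranges, not real bank addresses).
EXPECTED_NETS = {
    "bank.example": ["192.0.2.0/24", "198.51.100.0/24"],
}

# Constructed answers, as they might be collected from several resolvers.
SAMPLE_ANSWERS = {
    "isp-resolver": {"bank.example": ["203.0.113.66"]},
    "independent-a": {"bank.example": ["192.0.2.10"]},
    "independent-b": {"bank.example": ["192.0.2.10", "198.51.100.7"]},
}

def unexpected_addresses(domain, addresses, expected=EXPECTED_NETS):
    """Return answered addresses outside the domain's known networks.

    A domain with no expected networks fails closed: every address is flagged.
    """
    nets = [ipaddress.ip_network(n) for n in expected.get(domain, [])]
    return sorted(a for a in addresses
                  if not any(ipaddress.ip_address(a) in n for n in nets))

def audit(domain, answers_by_resolver, expected=EXPECTED_NETS):
    """Flag resolvers whose answer for `domain` looks tampered with.

    A resolver is flagged when it returns an address outside the expected
    networks, or shares no address with more than half of the other resolvers.
    """
    findings = {}
    views = {r: set(a.get(domain, [])) for r, a in answers_by_resolver.items()}
    for resolver, addrs in views.items():
        reasons = []
        bad = unexpected_addresses(domain, addrs, expected)
        if bad:
            reasons.append("outside expected networks: " + ", ".join(bad))
        others = [s for r, s in views.items() if r != resolver]
        disagree = sum(1 for s in others if not (s & addrs))
        if others and disagree > len(others) / 2:
            reasons.append("disagrees with %d of %d other resolvers"
                           % (disagree, len(others)))
        if reasons:
            findings[resolver] = reasons
    return findings

if __name__ == "__main__":
    for resolver, reasons in audit("bank.example", SAMPLE_ANSWERS).items():
        print(resolver, "->", "; ".join(reasons))
```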