Saturday, December 02, 2006

what is pharming?

pharming is a phishing enhancement technique that manipulates domain resolution (by changing the victim's hosts file or by DNS cache poisoning) in order to make it impossible to recognize a phishing site just by looking at the URL...

by this i mean that when the victim visits the phishing site it will have the domain name of the site that the phishing site is impersonating... in fact, when the victim tries to go to the legitimate site, whether by typing in the URL from memory or using bookmarks or other legitimate links they will be redirected to the phishing site instead...

while some of the simpler phishing attacks may disguise the phishy nature of a site by using URL tricks (such as URLs with @ symbols in them, or URLs that are simply close to the legitimate URL or contain the legitimate organization's name in them), pharming disguises it at the network level so that even anti-phishing toolbars and technology are unlikely to detect the attack... that said, pharming is a more difficult form of disguise to pull off than simple URL trickery...


back to index

0 comments: