What is Pharming?
Pharming is a next-generation phishing attack.
Pharming, like phishing, uses "spoofed" (counterfeit) websites,
where victims are deceived into divulging personal and financial information,
but the method of getting victims to the fake website is different.
Unlike phishing, which uses forged emails to trick victims,
pharming uses hidden redirection to reroute a legitimate website's traffic to a phony site.
Pharming is more difficult for victims to recognize and avoid,
because it provides fewer clues and feels more natural than phishing.
Users are choosing to go to the website on their own,
and are not suspicious because the website appears authentic.
Pharming also has the potential to do more damage.
Phishing lures victims one at a time;
pharming herds victims to bogus sites en masse.
Phishing is casting out bait and hoping to get a bite;
pharming is using a dragnet and not trusting to chance.
Pharming attacks accomplish their redirection by altering the information
which points web browsers to websites, causing the web browser to go to
the fake website even if a user types in the correct website address.
How Pharming Works
DNS, the Domain Name System, acts as a sort of telephone directory for the internet,
translating "friendly" names (URLs) used by humans into the numerical (IP) addresses used
by computers. DNS servers are responsible for resolving Internet names into machine addresses,
so that a web browser can connect to the correct location (website) on the Internet
(similar to dialing a telephone number).
By using a technique known as DNS cache poisoning,
an attacker exploits a flaw in the DNS software to populate the server with false information
regarding which numerical machine address is associated with a particular website. This causes
the compromised DNS server to give out misleading Internet addresses specified by the attacker,
instead of the authentic addresses. This allows an attacker to redirect Internet users to the
impostor's website, rather than the intended destination. A poisoning attack on a single DNS
server can affect a large number of users, depending on how many users are serviced by the
compromised DNS server. And there are literally millions of DNS servers on the Internet,
giving hackers lots of potential targets.
There is another variation of this scheme, in which a worm infects individual PCs
and redirects browser requests without the user's knowledge.
Another popular DNS attack is Domain Name Hijacking,
in which a hacker impersonates a legitimate administrative contact, to con a
domain name registrar into allowing the hijacker to change the registration information,
to steal control of a domain from the legitimate owner.
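A defender can spot the redirection described in this section by comparing the addresses each DNS server hands out against a known-good baseline and against its peers. The sketch below is an added example, not part of the original page; the domain names, resolver labels and address ranges are constructed documentation values, and the `audit` function is hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed baseline: address ranges the real site is expected to resolve into.
# Names and ranges are hypothetical (reserved documentation values).
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "shop.example": ["198.51.100.0/25"],
}

# Constructed observations: answers collected for each name from several resolvers.
OBSERVED = {
    "bank.example": {
        "resolver-a": ["192.0.2.10"],
        "resolver-b": ["192.0.2.10"],
        "resolver-c": ["203.0.113.66"],  # stands in for a poisoned cache
    },
    "shop.example": {
        "resolver-a": ["198.51.100.7"],
        "resolver-b": ["198.51.100.7"],
        "resolver-c": ["198.51.100.7"],
    },
}


def audit(baseline, observed):
    """Return findings as (name, resolver, address, reason) tuples."""
    findings = []
    for name, per_resolver in observed.items():
        allowed = [ipaddress.ip_network(n) for n in baseline.get(name, [])]
        # Most common answer set across resolvers, used to spot the odd one out.
        counts = Counter(frozenset(a) for a in per_resolver.values())
        majority, votes = counts.most_common(1)[0]
        for resolver, answers in sorted(per_resolver.items()):
            for addr in answers:
                ip = ipaddress.ip_address(addr)
                if allowed and not any(ip in net for net in allowed):
                    findings.append((name, resolver, addr, "outside-baseline"))
                elif votes > 1 and frozenset(answers) != majority:
                    findings.append((name, resolver, addr, "disagrees-with-peers"))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE, OBSERVED):
        print(*finding)
```

Sites served from content delivery networks legitimately return different addresses to different resolvers, so the peer-disagreement signal needs a baseline to be meaningful for those names.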
Anti-Pharming Resources