How do phishing attacks differ from pharming attacks? Are pharming attacks still prevalent?
Phishing attacks typically involve an attacker sending emails that appear to be from an e-commerce company, in an attempt to trick recipients into going to a malicious, imposter Web site and providing their sensitive information. Phishers build their imposter Web sites to look like the real Web site, and try to disguise links to their imposter sites so they seem legitimate to the unsuspecting victim.
While they are related, pharming attacks are indeed different. Pharming is when an attacker tricks a DNS server into caching a bogus entry for a domain name for an e-commerce site. Then when a user types the domain name for that site into a browser, the DNS server provides a cached record of an evil site. The user is "pharmed" via DNS cache poisoning.
Unlike phishing attacks, email is usually not involved in pharming attacks because the attackers use real domain names, not disguised or obfuscated URLs. They poison the DNS server and force it to direct those genuine domain names to attacker-controlled IP addresses.
From February 2005 to August 2005, we saw a large number of pharming attacks, due to common misconfigurations of DNS servers that made them accept the poison. While we still see a trickle of pharming attacks today, most DNS servers have improved their poisoning defenses, thereby lowering the incidence of attacks. Don't be fooled, though: they are still out there and we need to be diligent. If you run a Windows-based DNS server, make sure you have selected the "Secure Cache Against Pollution" option in the configuration GUI (the default for recent versions of Windows DNS server). Also, never use Windows DNS servers configured to forward requests through BIND 4 or 8. Windows DNS servers acting as forwarders should always go through BIND 9, which can cleanse potentially poisoned records.
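
A simplified model of the kind of check cache-pollution protection performs, added here as an example and not taken from the original answer or from Microsoft's or BIND's code: records in a reply whose owner name lies outside the zone that was asked about are discarded instead of cached. The zone names, addresses and the `filter_response` helper are constructed for illustration.

```python
from typing import NamedTuple

class Record(NamedTuple):
    name: str    # owner name of the resource record
    rtype: str   # record type, e.g. "A" or "NS"
    data: str    # record data (address or target name)

def labels(name: str) -> list[str]:
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it.

    Comparison is label by label, so "evilshop.example" does not
    match the zone "shop.example" the way a plain suffix test would.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_response(zone: str, records: list[Record]):
    """Split a reply into records safe to cache and records to discard."""
    keep, drop = [], []
    for rec in records:
        (keep if in_bailiwick(rec.name, zone) else drop).append(rec)
    return keep, drop

# Constructed sample: a reply received while resolving www.shop.example
# from a server for the zone "shop.example". The last two records are
# the unrelated entries a poisoning attempt would try to slip in.
SAMPLE = [
    Record("www.shop.example.", "A", "192.0.2.10"),
    Record("shop.example.", "NS", "ns1.shop.example."),
    Record("NS1.Shop.Example.", "A", "192.0.2.53"),
    Record("www.bank.example.", "A", "203.0.113.66"),  # different domain
    Record("evilshop.example.", "A", "203.0.113.67"),  # suffix look-alike
]

if __name__ == "__main__":
    keep, drop = filter_response("shop.example", SAMPLE)
    for rec in keep:
        print("cache  ", rec)
    for rec in drop:
        print("discard", rec)
```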