Phishing vs. Pharming attacks

BROWSE BY TAG Expert Archive: Information Security Threats,   Application and Platform Security,   Email Protection,   Email and Messaging Threats (spam, phishing, instant messaging),   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Expert Archive: Information Security Threats The telltale signs of a network attack Will Google Chrome enhance overall browser security? Are there antivirus suites that pick up more than just run-of-the-mill viruses? What tools can a hacker use to crack a laptop password? Are social networking sites an easy target for malicious hackers? What are the dangers of cross-site request forgery attacks (CSRF)? Should social engineering tests be included in penetration testing? What kind of data is compromised during a Google hack? Best practices for using restriction policy whitelists Defining mobile device security concerns Email and Messaging Threats (spam, phishing, instant messaging) How to secure a .pdf file Top spammer gets four years in jail for stock fraud scheme New Zeus spam poses as Social Security statements Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CAPTCHA  (SearchSecurity.com) crimeware  (SearchSecurity.com) Operation Phish Phry  (SearchSecurity.com) pharming  (SearchSecurity.com) phishing  (SearchSecurity.com) Register of Known Spam Operations  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Sender Policy Framework  (SearchSecurity.com) spam cocktail  (SearchSecurity.com) spear phishing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Phishing attacks typically involve an attacker sending emails that appear to be from an e-commerce company, in attempt to trick recipients into going to a malicious, imposter Web site and providing their sensitive information. Phishers build their imposter Web sites to look like the real Web site, and try to disguise links to their imposter sites so they seem legitimate to the unsuspecting victim.

While they are related, pharming attacks are indeed different. Pharming is when an attacker tricks a DNS server into caching a bogus entry for a domain name for an e-commerce site. Then when a user types the domain name for that site into a browser, the DNS server provides a cached record of an evil site. The user is "pharmed" via DNS cache poisoning.

Unlike phishing attacks, email is usually not involved in pharming attacks because the attackers use real domain names, not disguised or obfuscated URLs. They poison the DNS server and force it to direct those genuine domain names to attacker controlled IP addresses.

From February 2005 to August 2005, we saw a large number of pharming attacks, due to common misconfigurations of DNS servers that made them accept the poison. While we still see a trickle of pharming attacks today, most DNS servers have improved their poisoning defenses, thereby lowering the incident of attacks. Don't be fooled, though, they are still out there and we need to be diligent. If you run a Windows-based DNS server, make sure you have selected the "Secure Cache Against Pollution" option in the configuration GUI (the default for recent versions of Windows DNS server). Also, never use Windows DNS servers configured to forward requests through BIND 4 or 8. Windows DNS servers acting as forwarders should always go through BIND 9, which can cleanse potentially poisoned records.

MORE INFORMATION: