What is Pharming Attack? -DNS Poisoning

I hope you know about Phishing attacks. In phishing attack, the user will be tricked to visit the fake page by sending attractive email. if you notice the url, it is not real one. So Phishing attack can be detected by looking at the url. This will be overcome by pharming attack.

What is Pharming?

Pharming attack will redirect to the fake(phishing) page even though user enter the correct address. For Eg: facebook.com will show the fake page instead.The term pharming is a derived from farming and phishing. In recent years both pharming and phishing have been used for online identity theft information. Pharming has become of major concern to businesses hosting ecommerce and online banking websites

Ethical Hacking Certifications

How does it works?
Method 1: DNS Poisoning: 

1. Attacker hacks into the DNS server and changes the IP address for www.targetsite.com to IP of www.targetsite1.com (Fake page).

2. So if the user enter the URL in address bar, the computer queries the DNS server for the IP address of www.targetsite.com. 

3. Since the DNS server has already been poisoned by the attacker, it returns the IP address of www.targetsite1.com(fake page).

4. The user will believe it is original website but it is phishing page. 

Method 2: HOSTS file Modification:
This method is local DNS poisoning. 
What is host file?
     The host file contains Domain Name and IP address associated with them.  Your host file will be in this path:

 C:WindowsSystem32driversetc

It will change the fields of hosts so that original website will point to some other fake page.  Please read this article to know more about this method: Use original Domain for phishing using hosts file

Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting you to a fraudulent website when you type in a legitimate address.

Instances of Pharming:

In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a site in Australia. No financial losses are known.

In January 2008, Symantec reported a drive-by pharming incident directed against a Mexican bank in which the DNS settings on a customer’s home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting card company

In a poisoning attack in early March 2010, requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages were redirected, according to log data obtained from compromised Web servers that were used in the attacks, says PC Mag.

Prevention over Pharming:

  • Use some Anti Phishing Addons for Mozilla to detect phishing webpages.
  • Use spoostick Addon that will detect the fake pages
  • Use Internet Security Software(kaspersky, BullGuard Internet Security)