What is pharming?
Pharming is a neologism based on the words ‘farming’ and ‘phishing’. It can be carried out either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. DNS servers are responsible for resolving Internet names into their real IP addresses. Compromised servers are said to be ‘poisoned’.
In recent years, both pharming and phishing have been used to obtain information that allows hackers to carry out online identity theft, and they have become a major concern for companies that host e-commerce or banking websites.
How does pharming work?
As users have become more aware of the perils of phishing-type fraud, some hackers have abandoned the idea of trying to trick their victims and have instead turned to pharming, which involves poisoning the cache of the DNS server.
The Internet uses DNS servers to resolve domain names, for example www.pandasecurity.com, into the numeric IP addresses used to locate services and devices.
As part of a DNS poisoning attack, a hacker targets a DNS server and alters the IP address associated with the website's written name. This means that a hacker can redirect users to a malicious website, even when the user has typed the correct name into the address bar in the browser.
How to protect yourself
To protect against pharming attacks, companies should encourage employees to enter details only on websites protected with HTTPS. It is also important to deploy antivirus software on all corporate devices and keep all virus signature files up to date, as well as all security patches provided by a trusted ISP.
Also, unlike phishing attacks that often target specific services, pharming can affect a far greater number of users. Moreover, it is not a single attack, as is the case with phishing emails, but remains in wait for a user to access their online bank. The best obstacle to this type of threat is an advanced security solution.
Nevertheless, there is another danger with pharming, which lies in anonymous proxy servers. Many users wanting to hide their identity (their IP address) when they use the Internet use online proxy servers so that the connection is made through the server's IP, not their own.
The problem is that one of these proxy servers could have been DNS poisoned, so if a user were to attempt to visit their bank's website, they could be entering a fake site, even though their local DNS system is working correctly.
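The hosts-file variant of pharming mentioned at the top of this page can be checked for locally. The following is an added example, not code from the original page: it parses hosts-file text and reports every entry that pins a watched domain, or one of its subdomains, to a routable address. The function name `audit_hosts`, the domain `examplebank.test` and all addresses in the sample are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample hosts file; every name and address here is illustrative.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.66    www.examplebank.test  login.examplebank.test   # injected entry
0.0.0.0         ads.tracker.test
198.51.100.7    intranet.corp.test
not-an-ip       www.examplebank.test
192.0.2.10      WWW.PandaSecurity.com.
"""

def _norm(name):
    # Host names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def audit_hosts(text, watched):
    """Return (line_no, ip, hostname) for each entry that maps a watched
    domain, or a subdomain of one, to a non-loopback address."""
    watched = {_norm(d) for d in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop inline comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        if ip.is_loopback or ip.is_unspecified:
            continue                            # blocklist-style entry, not a redirect
        for host in map(_norm, fields[1:]):     # one line may list several aliases
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), host))
    return findings

if __name__ == "__main__":
    watched = ["examplebank.test", "pandasecurity.com"]
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS, watched):
        print(f"line {line_no}: {host} is pinned to {ip} by the hosts file")
```

On a real machine the input would be the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`, and the watched list would hold the banking and e-commerce domains the organisation cares about.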