Pharming Attacks, Already a Worry, Grow More Alarming

Carl Weinschenk

The biggest fear is stealthy dangers that create problems without warning and impact even those who are being reasonably careful. A study by security firm Sophos says dangerous Web pages -- the piece in The Register appropriately labels them "booby-trapped" -- are proliferating.

Dire dangers lurk at these sites, whose main goal is to add to botnets. The security firm is finding 6,000 infected pages every day -- and 83 percent of them are the property of innocent parties who themselves are victims of crackers. The problem is mountainous. PandaLabs says about 11 percent of all computers are in botnets, and they are responsible for 85 percent of spam that is sent. Last year, 51.4 percent of sites hosting malware were in China and 23.4 percent in the United States.

The problem also is getting worse. A related and more sophisticated exploit was in the news this week. Back in August 2006, according to a Dark Reading report, Whitehat Security founder Jeremiah Grossman described a potential "drive-by pharming" attack in which malicious code changed the DNS settings of the user's wired or wireless broadband router. Such an attack would give the hacker control of the broadband connection. The impact could be disastrous: the next time users typed in what they thought was their bank's URL, they could instead be sent to a phony site that would steal their account numbers and other personal information.

Now, a version of the hack even more dangerous than the one envisioned by Grossman has been seen in the field (or, in security parlance, "in the wild"). While Grossman's concept requires the hacker to know the administrative password of the router, the real-world version doesn't demand even this rudimentary step. This is no longer just theoretical: the exploit was used in an attack against a leading Mexican bank.
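The attack described above leaves two observable traces a defender can watch for: the router's configured DNS resolvers change away from the ones the ISP assigned, and, downstream of that, a well-known hostname starts resolving to an address outside the ranges its real owner publishes. The following is an added example, not code from the article or from any of the vendors it mentions. It compares constructed snapshots of a router's DNS settings against a baseline and checks constructed resolution-log lines against the expected networks; every address, hostname and timestamp in it is made up for illustration (documentation-only address blocks are used throughout).

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed baseline: the resolvers the ISP handed this router via DHCP
# when it was set up. Hypothetical TEST-NET-3 addresses.
BASELINE_RESOLVERS = {"203.0.113.53", "203.0.113.54"}

# Constructed snapshots of the router's WAN DNS settings, as a monitoring
# script might collect them from the admin interface on a schedule.
SNAPSHOTS = [
    {"ts": "2008-01-21T09:00:00", "dns": ["203.0.113.53", "203.0.113.54"]},
    {"ts": "2008-01-21T10:00:00", "dns": ["198.51.100.7", "203.0.113.54"]},
    {"ts": "2008-01-21T11:00:00", "dns": ["198.51.100.7", "198.51.100.8"]},
]

# Constructed: the address ranges the (hypothetical) bank publishes for its
# web front end. A correct answer for bank.example must fall inside one.
EXPECTED_NETS = {"bank.example": [ipaddress.ip_network("192.0.2.0/24")]}

# Constructed resolver log lines: "<timestamp> <name> A <answer>".
RESOLUTION_LOG = """\
2008-01-21T09:05:12 bank.example A 192.0.2.10
2008-01-21T10:05:40 bank.example A 198.51.100.99
2008-01-21T10:07:03 news.example A 203.0.113.200
"""


@dataclass
class ResolverFinding:
    ts: str
    unexpected: list[str] = field(default_factory=list)  # not in baseline
    missing: list[str] = field(default_factory=list)     # baseline entries gone


def check_resolvers(snapshot, baseline=BASELINE_RESOLVERS):
    """Return a finding if the router's resolver set differs from baseline."""
    observed = set()
    for raw in snapshot["dns"]:
        raw = raw.strip()
        try:
            observed.add(str(ipaddress.ip_address(raw)))  # normalise the text
        except ValueError:
            observed.add(raw)  # keep malformed entries so they get reported
    unexpected = sorted(observed - baseline)
    missing = sorted(baseline - observed)
    if unexpected or missing:
        return ResolverFinding(snapshot["ts"], unexpected, missing)
    return None


def scan_resolvers(snapshots, baseline=BASELINE_RESOLVERS):
    """Run check_resolvers over a series of snapshots, keeping only findings."""
    return [f for f in (check_resolvers(s, baseline) for s in snapshots) if f]


def check_resolution(name, answer, expected=EXPECTED_NETS):
    """True if the answer lies in a published range for that name.

    Names without a published range are not judged (returns None), so the
    check only fires on hosts the defender has an allowlist for.
    """
    nets = expected.get(name)
    if nets is None:
        return None
    ip = ipaddress.ip_address(answer)
    return any(ip in net for net in nets)


def scan_resolution_log(log_text, expected=EXPECTED_NETS):
    """Return (ts, name, answer) for every answer outside its published range."""
    suspicious = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue  # skip anything that is not a parsable A-record line
        ts, name, _, answer = parts
        if check_resolution(name, answer, expected) is False:
            suspicious.append((ts, name, answer))
    return suspicious


if __name__ == "__main__":
    for f in scan_resolvers(SNAPSHOTS):
        print(f"{f.ts}: resolver set changed; new={f.unexpected} gone={f.missing}")
    for ts, name, answer in scan_resolution_log(RESOLUTION_LOG):
        print(f"{ts}: {name} resolved to {answer}, outside its published range")
```

The two checks are deliberately independent: the resolver comparison catches the root cause (the router's settings were altered) even before anyone visits a sensitive site, while the resolution check catches the symptom from the client side even when the router cannot be inspected. Both depend on a baseline recorded while the network was known to be clean.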

This BustaThief piece offers a good overview of pharming and its cousin, phishing. The writer says there is no "silver bullet" to stop pharming, but does offer some helpful steps. Site owners should employ Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), a more secure way to connect. Users should look for a warning (the piece includes a screenshot of it, which should be familiar to most people who spend time on the Internet). Finally, the writer suggests using SpoofStick, a browser extension that helps detect fake sites.

The world of security threats is complex, and many problems overlap. Recently, the dangers of virtualized environments, in which one physical machine hosts multiple operating systems, have gotten a lot of attention. Startup Catbird Networks' hardware and software act as intrusion detection systems/intrusion prevention systems (IDS/IPS) that look for a variety of dangers, including rogue logins, viruses, hijacking -- and, according to this Byte and Switch story, pharming attacks.
