Pharming (internet)

from Wikipedia, the free encyclopedia

Pharming is a scam method spread through the internet. It is based on manipulating the DNS requests of web browsers (for example through DNS spoofing) in order to redirect the user to fake websites. It is a further development of classic phishing.

Procedure

Pharming has established itself as a generic term for different types of DNS attacks. One method is to manipulate the hosts file locally. With the help of a Trojan horse or a virus, the system is manipulated in a targeted way, with the consequence that it displays fake websites even though the address was entered correctly. For example, users can be directed to deceptively simulated bank pages.

Technical background

In order to resolve an alphanumeric URL (Internet address) into an IP address, the operating system usually contacts a DNS server. However, every operating system also has an internal list for this purpose, e.g. the file "hosts". Before a DNS server is contacted, the operating system first looks in the hosts file to see whether the name (or Internet address) is already listed there. If so, there is no need to contact the DNS server.

In pharming, the operating system is redirected to another server when it calls up a website of a bank or similar. This is done through corrupted DNS servers, through DNS flooding (an address resolution is foisted on a computer even before it has queried it from the real DNS server) or, in the simplest way, by manipulating the addresses in the local hosts file using malware.

Thus, despite the correct URL, the user arrives at the wrong page without noticing.

This method, like phishing, only reaches a limited number of recipients, despite the usual mass mailing of the Trojan.

The aim of these actions is usually to steal credit card data or similar security-relevant or confidential information (e.g. from online consultations).

This form is also used by illegally operating credit agencies, particularly in targeted attacks on individual people. These create complex profiles of the respective target person. Clients use the information obtained in risk assessments for insurance companies, recruitment and lending, among other things.

Ways to detect pharming

Since pharming attacks mostly take place on DNS caches or individual hosts located close to the client, it helps to query DNS servers from different networks. If the answer is the same, it is very likely that there is no pharming attack.
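The two checks described so far (looking for pinned entries in the local hosts file and comparing the answers of DNS servers in different networks) can be sketched as follows. This is an added example, not part of the original article; the function names, host names and sample data are constructed assumptions, and the resolver answers are assumed to have been collected beforehand.

```python
import ipaddress

# Constructed sample: hosts-file content with an injected entry.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 203.0.113.9 bank.example   (commented out, ignored)
198.51.100.23  www.bank.example bank.example  # injected entry
::1 localhost
not-an-ip  broken.example
"""

# Constructed sample: answers for one name from resolvers in different networks.
SAMPLE_ANSWERS = {
    "local-cache": {"198.51.100.23"},
    "resolver-net-a": {"192.0.2.10"},
    "resolver-net-b": {"192.0.2.10"},
}

def hosts_overrides(hosts_text, watched):
    """Return {name: ip} for every watched name pinned in the hosts file."""
    watched = {w.lower().rstrip(".") for w in watched}
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a usable mapping
        for name in fields[1:]:  # one line may carry several aliases
            name = name.lower().rstrip(".")
            if name in watched and name not in found:  # assumption: first entry wins
                found[name] = str(ip)
    return found

def outlier_resolvers(answers):
    """Return the resolvers whose answer set differs from the majority answer."""
    if not answers:
        return []
    counts = {}
    for ips in answers.values():
        counts[frozenset(ips)] = counts.get(frozenset(ips), 0) + 1
    majority = max(counts, key=counts.get)
    # A differing answer is a lead to investigate, not proof: load balancing
    # can legitimately hand different addresses to different networks.
    return sorted(r for r, ips in answers.items() if frozenset(ips) != majority)
```

Any watched banking host name returned by `hosts_overrides` deserves attention, since such names normally have no reason to appear in a hosts file.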

Furthermore, by querying the IP address in a Whois database, the location as well as a description of the provider and the blacklisting status can be determined.

If purchases are made or banking transactions are carried out on the web, the page must be "secure", so the address must begin with https://. If data is transmitted using https, the server must authenticate itself, and a certificate is exchanged. Who issued the certificate can be read directly from the certificate, but this information is very easy to manipulate. Therefore you should compare the “fingerprint” of the certificate with one that was sent to you, e.g. by post. The “fingerprint” of an SSL client certificate is usually an MD5, SHA-256 or SHA1 checksum. If they match, the certificate is probably real. However, these checksums do not offer 100% security either. For example, fake certificates that look credible can be created with great effort through hash collisions. A more convenient method is the signature of the certificate by a trusted third party who has previously checked the certificate for authenticity. If such a signature is available, the certificate is usually automatically accepted by the browser, or the signature can be recognized in the certificate details. Many users are vulnerable here because they ignore warning messages or do not take them seriously.

An https:// at the beginning of the URL only guarantees a secure connection if you can be sure that the certificate is genuine.

The use of special software for electronic banking (e.g. ProfiCash, VR-NetWorld-Software, Moneyplex, WISO, StarMoney, Hibiscus and many more) can protect against pharming and phishing.
