After Phishing comes Pharming - the next dimension in internet fraud
Online fraud continues to grow at an alarming rate, driven not by the tabloid-induced paranoia of using credit cards online (those same journos being happy to let their cards out of sight when paying in bars and restaurants, which is far less safe than using a properly secure website) but by phishing and now a new problem known as pharming.
Phishing
Phishing (currently the most widespread technique used by fraudsters) plays on the naivety and stupidity of the general public - sending an email purporting to be from a bank or payments service, usually claiming some requirement to update details or eliciting fear by informing you of “unauthorised activity with your account”. The dumb user then clicks on a link in the HTML email, and gives away the usernames and passwords to their bank account to the scammers, resulting in someone else going shopping with your money.
Phishing scams are getting increasingly sophisticated, often looking exactly like the real sites, and utilising the real graphics, fonts and disclaimers of the actual financial institutions they claim to represent.
Killing the Phishermen - 3 easy steps
1. Ditch the MickeyMouseSoft email client (Outlook Express) or at least switch to TEXT mode so you can see the dodgy URLs rather than just the pretty pictures
2. Remember that no reputable bank or payment service would ever contact you in this manner
3. Always type the known URL into a browser - *NEVER* click a link in an email
Ultimately phishing will stop as users get educated, or when all the really thick people have no money left in their bank accounts to steal.
Because phishing doesn’t work on the small percentage of internet users with more than 1 active brain-cell, scumbags around the world have worked tirelessly for almost 30 minutes to come up with the new way to part people from their hard-earned … Pharming, which now poses an actual threat not just to your bank account, but more importantly, the stability of the inter-webby thing.
Basically, pharming involves interfering with the domain name resolution process. When you use a domain name (such as http://www.valuecolo.co.uk) this needs to be converted into an IP address (in this case 80.82.140.240) to locate the appropriate server and service.
This is commonly known as IP name resolution, and is handled by the DNS (Domain Name Service).
DNS servers store “zones” - tables for each fully qualified domain name (FQDN) and the IP addresses associated with those FQDNs. Computers check their local hosts file or memory-resident cache before going off to access the DNS servers for an FQDN.
Pharming works by modifying the local copy of the DNS results at the name resolution stage, or by inserting entries into the local hosts file, so that when users think they are accessing their bank’s web pages, they are actually accessing the IP of a spoofed/fake web site.
Phishing emails were aimed at one specific type of bank or payment service, like HSBC or PayPal, which reduced the chances of success. Pharming however can affect a far greater number of online users, as entries could be made for all banks! Additionally, pharming isn’t a one-off con-job, as it remains present on the computer waiting for the user to access their banking services.
Now, pharming depends on local applications on your system - before you can be infected it needs to be installed and run. This malware can arrive through a variety of methods - pretty much any way data can get to your machine - including but not limited to:
- downloaded programs
- scripts on websites
- copied directly from CD/DVD/floppy
- packaged in other applications etc
Preventing these bastards from getting your details and stuffing up your DNS is actually quite simple, and shouldn’t come as a surprise to anyone who owns a computer for more than playing Grand-Theft Auto on…
Anti-Agriculture - How to stop Pharmers getting subsidies from your wages - 5 simple steps
1. Be careful what you install and where it came from - yes I realise a naked dancing Kylie is amusing for 3 seconds, but what STDs did she come attached with?
2. Maintain and run an up-to-date Virus Scanning Package - and a LEGIT one, not some warez knockoff from a bloke at the computer club.
3. Run a spyware/malware checker - there really is no excuse not to, especially as many of them are free, but avoid the ones downloadable from l33t hax0rs websites
4. Check your local hosts file for unauthorised entries - yes it means using notepad not some point-and-click shite but you’ll feel better for it I promise.
5. Clear your DNS cache - for you windoze (l)users that’s
Start, Run, cmd [return]
ipconfig /flushdns [return]
exit [return]
Now this works unless you’re some sort of phreak who feels the need to hide behind some anonymous proxy servers thinking it hides your identity/IP address. In which case you’re on your own pal, as there is no way to prevent you being suckered with mangled DNS.
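Step 4 (checking the hosts file) can also be scripted. The following is an added example, not part of the original post: it parses hosts-file text and flags every entry that is not a standard localhost name, rating an entry HIGH when it pins a watched domain to a local override. The watched domain examplebank.test, the BENIGN_NAMES set and the sample file are constructed for illustration.

```python
import ipaddress

# Names expected in a clean hosts file (assumption; extend for your own machines).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                "ip6-loopback", "broadcasthost"}

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts, on Unix-likes /etc/hosts.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example.net        # ad-blocking sinkhole
203.0.113.45    www.examplebank.test online.examplebank.test
192.168.1.10    NAS.home.example.
"""

def parse_hosts(text):
    """Yield (lineno, ip, [names]) per mapping; comments, blanks and junk are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip full-line and inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=()):
    """Return (severity, lineno, ip, name) for every non-benign mapping."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN_NAMES:
                continue
            if any(name == w or name.endswith("." + w) for w in watched):
                severity = "HIGH"     # watched (e.g. banking) name overridden locally
            elif ip.is_loopback or ip.is_unspecified:
                severity = "info"     # sinkhole entry, resolves nowhere useful
            else:
                severity = "review"   # local override of some other name
            findings.append((severity, lineno, str(ip), name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watched=("examplebank.test",)):
        print(*finding)
```

Any HIGH line means a name you bank with is being answered from the hosts file instead of DNS, which is exactly the redirect described above.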
Obviously the only real long-term solution is the public hanging of all these Phucking Phishers and Pharmers, but until that happy day, be safe, it’s a dangerous world out there.
Note to parents
Whilst the tone and content may not be something you wish to share with your children, you are advised to take serious note of the concepts, as altering DNS poses a very real threat to your children’s online time. Where Pharming seems to be targeting banks at the moment, it has the ability to redirect *any* DNS request to an alternate IP, so instead of getting to the www.bbc.co.uk/cbeebies website to do online painting with Bill and Ben, they could find themselves and their contact information redirected to Ben and Bill’s kiddie-fiddling emporium which is something we all want to avoid.