From Phishing To Pharming
The phishing epidemic is increasingly moving towards pharming, a more sophisticated hacking technique that requires technical expertise.
Pharmers redirect users from legitimate commercial websites to malicious ones. These bogus sites have the same look and feel as the sites they impersonate, but when users enter their login names and passwords, the information is captured by hackers.
There are several methods associated with pharming, but hackers commonly use trojans: stealthy programs that are created to perform illicit tasks on your computer. The following is a typical example of the procedure.
Hackers email viruses, such as the Banker Trojan, which rewrites the PC's local hosts file. This is a file that records and matches the common names (URLs) of Internet sites, such as Google.com, with their associated numerical Internet addresses (like 64.55.33.22). By altering the Internet address linked to a bank website, the hacker routes the unsuspecting user away from the proper site that they wish to visit, in favor of an illicit site that appears identical to the one intended. When you click on your browser's favorites link to get to your bank's Internet login page, you are actually rerouted to the hacker site without knowing it.
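A defensive check for the hosts file rewrite described above, as an added example that is not part of the original article: it parses hosts file text and reports every entry that pins a watched domain, or one of its subdomains, to an address. The watched domain, the sample file contents and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file after the kind of rewrite described above.
# Names use example.com; addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.45      www.bank.example.com bank.example.com   # added entry
0.0.0.0         ads.tracker.example.net
198.51.100.7    LOGIN.Bank.Example.com.
not-an-ip       broken.line.example.org
10.0.0.5        intranet.corp.example.org
"""

# Assumption: domains you never expect to be overridden locally.
WATCHED = {"bank.example.com"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each usable mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, addr, name.rstrip(".").lower()


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, kind) for watched names pinned in the file."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        # Loopback/unspecified targets block the site; anything else reroutes it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((line_no, name, str(addr), kind))
    return findings


if __name__ == "__main__":
    for line_no, name, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} {kind} to {addr}")
```

On a real machine, pass in the contents of the system hosts file (`/etc/hosts`, or `C:\Windows\System32\drivers\etc\hosts` on Windows) and a watch list of the sites you log in to.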
Domain Name Server (DNS) poisoning can cause a large group of users to be herded to bogus sites. DNS is similar to an Internet phone directory and is responsible for routing URLs (remember those common Internet site names like Google.com) to their destinations. When you disrupt DNS, you get Internet chaos; it is the equivalent of changing all the road signs to lead travelers in the wrong direction. As long as the journey still feels right, and the destination looks the same, the user has little suspicion that anything is wrong. After all, they clicked on their banking sites just yesterday and they were fine...
The Man In The Middle
Another problem is the man in the middle (MITM) attack, which is absolutely insidious - and incredibly effective. The attack occurs when an attacker places himself on the network by means of a physical device, or engages in a technique known as ARP spoofing. We'll discuss this term in more detail in the next article, but by way of summary, ARP is used by computers to identify each other. ARP spoofing allows one computer to pretend to be another; the hacker identifies the two points on the network that are being targeted, usually individual computers. Freely downloadable programs are then used to reroute traffic to and from the target PCs, through the hacker's PC.
The danger here is obvious - the hacker is sitting in the middle between the PCs and so can eavesdrop on all the traffic. As an example of how serious this threat is, imagine that you attempt to log out from the bank website. The MITM can provide a seemingly valid logout confirmation page to you, while actually suppressing your logout command and holding the connection to the bank open.




