Pharming

Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the victim's computer in order to gain access to it.

Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software.
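A defender can check for the hosts-file variant by auditing the file for entries that pin a hostname to a non-local address. The following is an added example, not part of the original article; the sample file contents, the function names and the `expected` allowlist are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the article); names use reserved example domains.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
::1            localhost ip6-localhost
0.0.0.0        ads.tracker.example   # blocklist sinkhole
203.0.113.25   www.bank.example Login.Bank.example
192.168.1.10   nas.home.arpa
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_text, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            # Hostnames are case-insensitive; normalise before comparing.
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, expected=frozenset()):
    """Return (line_no, address, hostname, reason) for entries worth reviewing.

    `expected` is a hypothetical allowlist of names the administrator
    deliberately pins in the hosts file.
    """
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings += [(line_no, addr_text, n, "unparseable address") for n in names]
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # local or sinkhole entry; treated as benign in this example
        # Any other mapping makes the resolver skip DNS for that name.
        findings += [(line_no, addr_text, n, "overrides DNS")
                     for n in names if n not in expected]
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, expected={"nas.home.arpa"}):
        print(finding)
```

To audit a real machine, pass the contents of the system hosts file to `audit_hosts` instead of the sample string.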

Personal computers such as desktops and laptops are often better targets for pharming because they receive poorer administration than most Internet servers.

Routers can pass bad DNS information in two ways: misconfiguration of existing settings or wholesale rewrite of embedded software (aka firmware).

Alternatively, many routers have the ability to replace their firmware (i.e. the internal software that executes the device's more complex services).

Even when altered, many are guessed quickly through dictionary attacks, since most consumer-grade routers don't introduce timing penalties for incorrect login attempts.

On 15 January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a website in Australia.

[2] In January 2008, Symantec reported a drive-by pharming incident, directed against a Mexican bank, in which the DNS settings on a customer's home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting-card company.

[3] Traditional methods for combating pharming include server-side software, DNS protection, and web browser add-ins such as toolbars.

Currently the most efficient way to prevent pharming is for end users to make sure they are using secure web connections (HTTPS) to access privacy-sensitive sites such as those for banking or taxes, and to accept only valid public key certificates issued by trusted sources.

At a conference organized by the Anti-Phishing Working Group, Phillip Hallam-Baker denounced the term as "a marketing neologism designed to convince banks to buy a new set of security services".