Poor man’s pharm

Entropy

Posted by Zacharias - June 14, 2005 Comments 0

Speaking of Britney, Infoworld actually had an interesting article last month (most of the articles that I see are either too vague or too oriented toward upper management to be informative).

The looming threat of pharming provides good exposure to modern network hacking targets outside the corporate desktop. “It’s harder to pharm than to phish,” according to Mark Leon, the author. Phishing plays entirely upon the naivete of computer users, typically sending a too-good-to-be-true email that tricks a user into surrendering sensitive information.

Pharming, on the other hand, is true hacking. Pharming uses DNS “exploits,” or weaknesses, allowing a hacker to intercept requests on the web. This allows hackers to “hijack” legitimate web sites, temporarily diverting traffic to their own web site. Particularly well done pharming attempts can run for days without being noticed.

Once a hacker has usurped a legitimate web address the most common scam is to put up a nearly-identical web page, often a simple copy, of the original site. Usually the only false information on the page is a login or password prompt. Users, thinking the page is legitimate, will enter their password — the hacker intercepts the password, forwards the login request to the real site, and the user is none the wiser.

Infoworld also ran a smaller article on the “poor man’s pharm:”

DNS poisoning requires elite hacking skills, which is why most analysts believe it falls short of a large-scale threat. But before you get too complacent, take notice of the poor man’s pharm, a less sophisticated and far less costly way to hijack Web page requests and forward unsuspecting users to counterfeit sites.

The poor man’s pharm is an easier exploit, again playing on the naivete of users. While a major pharm attack focuses on Internet DNS servers, a much simpler attack can install trojan software that effectively does the same thing at the desktop level. While the returns are typically lesser, this kind of pharming is probably an even greater threat to most users.