What is it?

Pharming is a new mode of online fraud, through supplanting the system of domain name resolution (DNS) to send the user to a false web page. As with any dangerous and expanding new threat, prevention and an efficient antivirus are the best tools.

If phishing was one of the most extended frauds, fooling users in order to try banking operations using web servers and pages with the same design as an online bank, pharming is even more dangerous. It manipulates the domain name resolution of internet through some malicious code intentionally introduced into the computer.

How does it act?

When the user types an address into the browser, it must be converted into a numerical IP address. This process is called name resolution, which is carried out by DNS servers (Domain Name Server).

These servers have a list of IP addresses for each domain name. In a smaller scale, each computer connected to the internet has a file with a small table of server names and IP addresses, so that no access to DNS is necessary for certain names or even to avoid such an access.

Pharming modifies this system of name resolution so that, when the user thinks it is accessing its internet databank, it is actually accessing the IP address of a false web page.

Although not all users fall for the phishing tricks on social media, the success of phishing is limited. Besides, each phishing attempt must be directed to a single banking service, and therefore, the possibility of success is rather limited. On the other hand, pharming may attack a substantially larger number of users.

Pharming does not take place at a specific time, as does phishing, through its remittances; instead, the DNS modification made by pharming remains in the computer, waiting for the user to access its banking service. Therefore, the attacker does not need to be checking for an isolated attack, as we said above.

How to prevent it?

As we have said in the previous topics related to electronic fraud, the immediate solution is the installation of a strong antivirus program, to reduce risks of this new threat to a minimum; pharming requires some application to be installed into the system to be attacked (an .exe file, a script, etc.)

The entry of the malicious code into the system may come through any of the multiple information entry ways in a system, such as email, one of the most used, downloads from the internet, copies from a disk or CD, etc. Any or all of these information entries must be checked by the antivirus in order to detect the file with the malicious code and eliminate it.

Prevention is the best solution
We are currently moving in a scenario where malware (malicious software) has sped up significantly, and their creators have multiplied, creating source code to introduce variations and thereby, creating new attacks.

Computer virus laboratories don’t have enough time to detect and eliminate malware from all new code before they reach and propagate to a few computers. In spite of efforts and improvements of laboratories, it is impossible for them to prepare a timely and adequate solution for some malignant codes, which propagate in seconds.

The solution for these threats can also be found installing a system that detects, not only virus definition files but also applies actions from the computer itself. In this way, every time an attack is attempted against the DNS system of the computer, as in the case of pharming applications, the attack will be recognised and stopped, as well as the program that attempted it is blocked.

Mercantil, empowering your world