Pharming

Hijacking DNS to divert traffic to or via malicious systems

The term 'pharming' refers to any attempt to subvert DNS systems to redirect network traffic to a malicious system. The most common application is to redirect attempts to visit online banking sites to spoofed versions, and thus gather valuable account and login information.

Pharming can be achieved by attacking DNS servers and planting bogus data in their cache, so that when a bank's or other site's IP address is requested, the attacker's address is supplied instead. It can also be achieved by altering the DNS settings stored by home routers in a similar way, or simply by changing the hosts file on the local system so that certain sites are redirected.

Once successfully 'pharmed', a victim's attempts to access certain sites are redirected silently and invisibly. Such attacks can be hard to detect locally, and can be used for man-in-the-middle attacks that bypass even highly sophisticated security. However, in many cases browsers will alert on missing certificates and similar anomalies, and such attacks are thought to be fairly rare.
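The two local vectors described above (a tampered hosts file and a resolver that has been fed bogus data) both leave evidence that a defender can check for. The following is an added example, not part of the original glossary entry: it parses a constructed hosts file and flags any entry that overrides a watched domain, and it compares the addresses a local resolver returned against those from a trusted reference resolver. The domain `examplebank.test`, the TEST-NET addresses and the sample answers are all constructed placeholders.

```python
"""Defensive checks for the local pharming vectors: hosts-file overrides
and resolver answers that disagree with a trusted reference resolver."""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample hosts file. The bank domain and the 203.0.113.x address
# are placeholders (TEST-NET-3 range); nothing here is a real indicator.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# the next line is a constructed example of a tampered entry
203.0.113.5   www.examplebank.test examplebank.test
192.168.1.10  printer.lan   # local printer, benign
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, address) pairs from hosts-file text.

    Comments, blank lines and lines whose first field is not a valid
    IP address are skipped, so a malformed line cannot crash the check.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue
        for name in names:
            pairs.append((name.lower(), addr))
    return pairs


def _in_watchlist(host: str, watch: Iterable[str]) -> bool:
    """True if host equals a watched domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watch)


def find_hosts_overrides(text: str, watch_domains: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag every hosts entry that pins a watched domain to a fixed address.

    Legitimate hosts files have no reason to contain entries for banking or
    other sensitive domains, so any match is worth a closer look.
    """
    watch = {d.lower() for d in watch_domains}
    return [(host, addr) for host, addr in parse_hosts(text) if _in_watchlist(host, watch)]


def find_resolver_disagreements(local: Dict[str, Set[str]],
                                reference: Dict[str, Set[str]]) -> List[str]:
    """Return names whose locally resolved addresses share nothing with the
    reference resolver's answer for the same name.

    Both inputs map a hostname to the set of addresses a resolver returned
    (constructed by the caller; this function performs no network lookups).
    """
    return sorted(name for name, addrs in local.items()
                  if name in reference and addrs.isdisjoint(reference[name]))


if __name__ == "__main__":
    print("hosts overrides:", find_hosts_overrides(SAMPLE_HOSTS, {"examplebank.test"}))
    # Constructed resolver answers: the local resolver returns the placeholder
    # attacker address, the reference resolver returns a different one.
    local_answers = {"www.examplebank.test": {"203.0.113.5"}}
    reference_answers = {"www.examplebank.test": {"198.51.100.20"}}
    print("disagreements:", find_resolver_disagreements(local_answers, reference_answers))
```

The resolver comparison is a signal rather than proof: sites served through content-delivery networks legitimately return different addresses to different resolvers, so a disagreement should trigger a second look (for example, checking whether the returned address presents a valid certificate for the name) rather than an automatic alert.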
