What Is Pharming ?Even if you think phishing scams are as obvious as angry cats, there's one scary new form of scam that even an expert can be fooled by. It's a technique called pharming that, when perpetrated, is invisible to web surfers until it's too late. In a nutshell , here's what happens: You tell your web browser to open a website. It is secretly directed to a fake website that looks just like the original. And this all happens without any clue that you're being duped. To understand how pharming works, pretend that surfing the Internet is like visiting the zoo with your niece. You say to her, "What shall we see first?" She says, "Let's go see the monkeys !" So you take her up to the information booth and the nice information officer tells you to follow the banana signs. So you both follow the banana signs until you get to the monkey house. That's kind of how the Internet works now. When you type a web address into your web browser, your browser makes contact with a domain name service (DNS) server, which is a kind of Internet information booth. The browser gives the DNS machine the destination requested . And in turn the DNS server (like the information booth officer) looks it up in the DNS cache. What comes back is a numerical address called an Internet Protocol (IP) address. The web browser uses the IP address to contact the correct server (a computer that contains a website) you want to visit. In the case of pharming, the information booth officer has been fooled. He's been given the wrong map by the evil marketing guy at the zoo who wants everyone to go to the gift shop. So when you ask for directions to the monkey house, the information officer looks at his map and sees that the monkey house can be found by following the cabbage signs. That doesn't seem right, but that's what the map says so those are the directions he gives you. (Actually the DNS server isn't smart enough to question the information. It just hands it out.) So you end up at the gift shop. To further the scam, the gift shop might even be decorated like the monkey house with banana wallpaper and stuffed monkeys. Caution
Pharmers poison a DNS server by changing its cache so it stores the wrong IP addresses (see Figure 4.5). So when you browse to your bank's web page, the DNS server that translates your bank's dotcom address will hand back the wrong IP address. Your web browser takes you to a fake bank site that looks like your bank but is run by a pharmer. Figure 4.5. Pharmers can poison a DNS server with a bad IP number so when your web browser asks for the correct numerical Internet address of your bank (for example), it gets sent the IP address of a fake bank site.
What's alarming about pharming (besides that awful rhyme ) is that it can cause a large group of innocent people to be herded off to bogus websites and scammed. Even scarier, during this process your browser displays that you are visiting a correct site even though it's bogus .
|