What is Pharming and how can you prevent this Online Fraud?
When we look around we are amazed at the speed with which the world is changing. Online fraud techniques such as Pharming and other cybercrime attacks are at an all-time high. To overcome such challenges, we need to at least have some basic understanding of these terms. The intention of this informational document is to approach the problem with a solution.
What is Pharming
Pharming redirects Internet users from legitimate websites to malicious ones using a strategy called DNS cache poisoning, where corrupt data is inserted into the cache database of a DNS server.
The attacker has several ways to carry out pharming attacks; one of the most popular is to modify the Hosts file. The Pharmer covertly hijacks your computer and takes you to a forged website. Your browser may display the legitimate URL, but you will not be on the legitimate server. This, in most cases, is a page that looks identical to that of your bank, financial institution or online shopping websites like eBay or Amazon. Here, the attacker seeks your confidential information like credit card numbers, account passwords, etc.
The Hosts file allows storing IP addresses and domain names to speed up surfing and avoid consulting a DNS server. So, every time a user enters an address into the browser, the PC consults the Hosts file first and, if it finds the domain name there, it uses the IP address listed for it. If the Hosts file is modified, the user will be redirected to the wrong website, where the attacker will be waiting to steal the credentials.
To carry out a pharming attack, the attacker typically makes use of the following:
- A Batch Script to write the malicious IP and domain names into the Hosts file.
- A Joiner to join the batch file onto another file.
- A Code Obfuscator to help the executable escape detection by anti-virus software.
Phishing vs Pharming
You need to be clear about the difference between Pharming and Phishing. Phishing attacks start with the receipt of an e-mail asking you to visit a website where you may get compromised. Pharming attacks start at the DNS server level where you are redirected to a malicious website.
How to mitigate Pharming attacks
Using an anti-virus program that protects you from unauthorized alterations of the Hosts file is one way. Also, you should regularly patch your operating system and the installed software.
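The Hosts file check described above can also be done by hand. The following Python sketch is an added example, not part of the original article: it parses Hosts-file text and reports entries that pin a name to an address. The watched domains (`bank.example`, `shop.example`), the sample file contents and the ALERT/REVIEW labels are constructed for illustration.

```python
import ipaddress

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample; a real file lives at C:\Windows\System32\drivers\etc\hosts
# on Windows or /etc/hosts on Linux and macOS.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.example      # blocklist entry
192.168.1.20    nas.home.example
203.0.113.10    www.Bank.example bank.example   # pinned watched domain
2001:db8::5     login.shop.example.
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue                               # first field is not an address
        for name in fields[1:]:                    # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return (severity, line_no, hostname, ip) for entries that need attention."""
    watched = {d.lower() for d in watched}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or ip.is_loopback or ip.is_unspecified:
            continue                               # defaults and blocklist sinkholes
        # A watched domain (or a subdomain of it) should resolve through DNS only.
        hit = any(name == d or name.endswith("." + d) for d in watched)
        findings.append(("ALERT" if hit else "REVIEW", line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, ["bank.example", "shop.example"]):
        print(*finding)
```

A REVIEW entry may be a deliberate intranet mapping; an ALERT entry means a sensitive site is being resolved locally instead of through DNS and should be investigated.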
More sophisticated pharming attacks target the DNS server which is usually handled by Internet Service Providers (ISPs). In such a scenario, a user has few options at hand to handle the risk and he can do little against it, except using trustworthy DNS servers.
Most browsers & security software today are capable of alerting users when landing at Pharming and Phishing sites. As such, a user should always remain vigilant while divulging details about financial accounts. Whenever in doubt, communicate using a secure network and do not reveal your credentials or any other requested information.
Precautions that can be taken to prevent Pharming
- Use a trusted, legitimate Internet Service Provider: Rigorous security at the ISP level is your first line of defense against pharming. Internet service providers (ISPs) are working hard on their end to filter out ‘pharmed’ sites.
- Better Antivirus software: Install an antivirus program on your Windows PC that does the right job for you. It is a good practice to buy an anti-virus system from a trusted security software provider to reduce your exposure to pharming scams.
- Keep computer updated: Get into the habit of downloading the latest security updates (or patches) for your Web browser and operating system to stay protected. Always use a good, secure web browser.
- Double-check the spelling of a website: In most cases, it is observed that the attacker obscures the actual URL by overlaying a legitimate-looking address or by using a similarly spelled URL. So, always check the Web browser’s address bar to make sure the spelling is correct.
- Check URL: Check the URL of any site that asks you to provide personal information. Make sure your session begins at the known authentic address of the site, with no additional characters appended to it. Remember, however, that your browser may display the legitimate URL even though you are not on the legitimate server.
- Check the certificate: It takes a few minutes if not seconds to verify if a website page you’ve opened in the browser is legitimate or not. To check, go to ‘File’ in the main menu and select ‘Properties’. Alternatively, you can right-click your mouse anywhere on the browser screen and select the ‘Properties’ option. From the menu that pops up, click on ‘Certificates’ and check if the site carries a secure certificate from its legitimate owner.
- Check the ‘HTTP’ address: It is the safest and easiest practice to follow. When you visit a page where you’re asked to enter personal information, the ‘HTTP’ should change to ‘HTTPS’. The ‘S’ stands for secure. This post will show you the difference between HTTP and HTTPS.
- Look for PadLock: A locked padlock, or a key, indicates a secure, encrypted connection, and an unlocked padlock, or a broken key, indicates an unsecured connection. So, always look for a padlock or key on the bottom of your browser or your computer taskbar.
Pharming is a serious concern and it’s on the rise. Although ISPs are taking the necessary efforts to provide filtering, we as users should be more vigilant and exercise caution when using the Internet.