A new internet security product is offering protection against pharming, a variation on phishing that takes advantage of vulnerabilities in web browsers to redirect users to fake web sites, even when they type the correct internet address into their browsers.
Unlike phishing, pharming does not rely on the victim taking an action, such as clicking on a link in a bogus e-mail, to trigger an attack. It is also very difficult for victims to detect – until they discover an unexpected hole in their finances, or a black mark on their credit rating.There are two types of pharming attack. One corrupts local Domain Name System (DNS) servers at the network level and the other corrupts a PC's Host file at the individual level.When a user types a URL, such as www.google.com, into their internet browser, a request goes to a local DNS server, which then locates the registered IP (internet protocol) address for that web server. This exchange is the weak link in the internet's infrastructure. When a pharmer poisons a DNS server, he changes the IP address for the domain and sends visitors to a completely different web site, usually without their knowledge.To understand this process, think of an IP address as a person's phone number. Similarly, a DNS server would be equivalent to a phone book, which looks up the web site's name and produces the IP address. In a pharming attack, the pharmer simply changes the phone numbers in the phone book and leads users to counterfeit web sites.This is also the case with Host file pharming attacks. In addition to corrupting the DNS server, pharmers can corrupt the Host file on a user's PC. The Host file is another phone book that translates the web site's URL into a numeric code. When a pharmer changes the information on a user's Host file, they change the IP address for a domain and send the visitor to the false site. The user usually has no idea the host file has been changed, nor does the average user know how to check their host file.Unfortunately, users cannot tell that they have been a victim of a pharming attack by simply looking at the URL in their internet browsers. In fact, the URL and the site itself will most likely look legitimate to site visitors.San Diego-based Anonymizer Inc. believes that it has a solution: proactively defending users against pharming attacks by routing all customer internet traffic through Anonymizer's protected DNS servers, which are secured against all known instances of pharming attacks.Anonymizer says its on-line identity protection solutions intercept all browser requests before returning the page to the end user. Due to the fact that the user's host file is never accessed, people using Anonymizer are protected from these vicious attacks."The rise of on-line shopping, internet banking and electronic bill paying has created a large target for criminals to capture login information, credit card numbers, and more," said Lee Itzhaki, director of product management at Anonymizer."While the industry is scrambling to develop tools to combat pharming attacks, Anonymizer's sophisticated network-based security model allows us to adapt to a variety of new threats in near real-time without any changes to the user's software or systems. This proactive protection enables consumers to defend themselves against increasingly sophisticated threats and to continue to enjoy the convenience of the internet without fear of having their identities stolen or compromised," he concluded.
Planning reforms confirmed in England should encourage developers to bring forward plans for more small-scale solar and onshore wind projects, though local politics is likely to continue to dictate how those proposals are received in different parts of the country, an expert has said.
A recent English Court of Appeal ruling has cleared the way for a full trial of a long-running environmental class action against Shell brought by two Nigerian communities.
Upcoming changes to existing competition rules and the introduction of new rules will substantially strengthen and expand the UK Competition and Markets Authority’s (CMA) investigatory and enforcement powers resulting in higher stakes for businesses that do not comply, an expert has said.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
We are processing your request. \n Thank you for your patience.An error occurred. This could be due to inactivity on the page - please try again.
