What are Pharming & Phishing Attacks?


What is a Pharming Attack?

  Pharming is a sophisticated technique that automatically redirects a user to a malicious site. In other words, it sends you to a malicious website without your knowledge. It's quite embarrassing, huh? Don't scratch your head.

There are several ways to carry out a pharming attack. One of the simplest and least sophisticated is to modify the hosts file. This file stores IP address to domain name mappings to speed up surfing and avoid consulting a DNS server. For example, if the hosts file contains: XXX.XXX.XXX.XXX Company.com then every time the user enters Company.com into the browser, the PC won't consult a DNS server; it will consult the hosts file first and, if it finds this domain name, it will use the IP address XXX.XXX.XXX.XXX, which is a counterfeit website where the attacker steals the credentials through a phishing attack.


To carry out a pharming attack, three things are needed:

1. A batch script to write the malicious IP and domain names onto the hosts files.
2. A joiner to join this batch file onto another file (image, video, music, etc.) in an executable EXE along with the appropriate icon to do social engineering and trick the user.
3. Any software in charge of making the generated executable undetectable to the anti-virus.

The first point is necessary because it is the essence of the attack. The other two points consist of making the user fall blindly into the trap by complementing it. The batch script is really simple; it can be done in a text editor and saved with the BAT extension:
@echo off
echo xx.xxx.xxx.xx http://www.company.com >> %windir%\system32\drivers\etc\hosts
echo xx.xxx.xxx.xx company.com >> %windir%\system32\drivers\etc\hosts
exit

To test it, it just has to be executed and then the hosts file can be checked in the following path:
%windir%\system32\drivers\etc\hosts.

Next, we enter the address http://www.company.com in any browser and it should automatically redirect to the IP xx.xxx.xxx.xx. The following steps consist of adding an additional file (an image, for example) to make it look like a postcard, changing the icon of the executable and confusing the code to make it undetectable to the anti-viruses.

To protect yourself from a pharming attack, make sure you:

Install a firewall. Hackers send pings to thousands of computers, and then wait for responses. A firewall won’t let your computer answer a ping. The firewalls of some operating systems are “off” by default, so make sure your firewall is turned on and updated regularly.

Use comprehensive security software which includes a firewall and scans your computer for spyware. It also protects your smartphones and tablets. And make sure to keep your security software updated.
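Because the hosts-file technique described above leaves a visible trace, the advice in this section can be paired with a periodic audit of that file. The following is an added example, not code from the original post: it parses hosts-file text and flags entries that override DNS for real domain names. The watched-domain list, the severity labels and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Names that ship in a default hosts file and are expected to be present.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                "ip6-loopback", "broadcasthost"}

# Constructed sample hosts file (documentation-range IPs, not real data).
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.10    www.company.com   # appended entry
203.0.113.10    company.com
10.0.0.5        fileserver
192.0.2.44      intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every active mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=()):
    """Return (line_no, ip, name, severity) for entries that override DNS."""
    watched = {w.lower() for w in watched}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN_NAMES or "." not in name:
                continue                        # single-label local names are normal
            is_watched = any(name == w or name.endswith("." + w) for w in watched)
            if is_watched:
                severity = "high"               # a domain you log in to is pinned locally
            elif ip.is_loopback or ip.is_unspecified:
                continue                        # common ad-blocking sinkhole pattern
            else:
                severity = "review"
            findings.append((line_no, str(ip), name, severity))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watched=["company.com"]):
        print(finding)
```

On a real machine, pass the contents of %windir%\system32\drivers\etc\hosts (or /etc/hosts) as `text` and list the banking, mail and work domains you sign in to as `watched`.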

What is Phishing?

 Phishing (sounds like fishing) is a social engineering attempt to get the targeted individual to disclose personal information such as user names, account numbers, sensitive data and passwords. This is often done by setting up fake websites that mimic the original, or by sending emails that appear to come from corporations, banks, and customer support staff. Other forms of phishing attempt to get users to click on hyperlinks that allow malicious code to be installed on the target's computer without their knowledge. This malware will then be used to remove data from the computer or use the computer to attack others. Phishing normally is not targeted at specific users but may be sent to everyone on a mailing list or with a specific email address extension, for example all the users with the extension “@companyName.com”.

What is Spear Phishing?

Spear Phishing is a type of phishing in which the target users are specifically identified. For example, the attacker may research the email addresses of the Chief Executive Officer (CEO) of a company and other executives and only phish these people. Spear phishers research their victims in detail in order to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful.


How to get rid of this attack?

  • It’s easy for phishers to create fake websites that look like the genuine article, complete with the logo and other graphics of a trusted website.
  • If you’re not at all sure about a website, do not sign in. The safest thing to do is to close and then reopen your browser, clear your cache/history, and then type the URL into your browser’s URL bar. Typing the correct URL is the best way to be sure you’re not redirected to a spoofed site.
  • Give a fake password. If you are not sure if a site is authentic, don’t use your real password to sign in. If you enter a fake password and appear to be signed in, you’re likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don’t assume the site is legitimate.
  • Use a Web browser with antiphishing detection. Web browsers such as Internet Explorer and Mozilla Firefox have free add-ons (or “plug-ins”) that can help you detect phishing sites.