
What is Pharming Attack?


Pharming is a sophisticated technique that automatically redirects a user to a malicious site. In other words, it sends you to a malicious website without your knowledge. It's quite embarrassing, huh.



There are several ways to carry out a pharming attack. One of the simplest and least sophisticated is to modify the hosts file. This file stores IP address to domain name mappings to speed up surfing and avoid consulting a DNS server. For example, if the hosts file contains: XXX.XXX.XXX.XXX Company.com
then every time the user enters Company.com into the browser, the PC won't consult a DNS server. Instead it consults the hosts file first and, if it finds this domain name, it uses the IP address XXX.XXX.XXX.XXX, which hosts a counterfeit website where the attacker steals the credentials through a phishing attack.

To carry out a pharming attack, three things are needed:

1. A batch script to write the malicious IP and domain names to the hosts file.

2. A joiner to join this batch file onto another file (image, video, music, etc.) in an executable EXE along with the appropriate icon to do social engineering and trick the user.

3. Any software in charge of making the generated executable undetectable to antivirus software.


The first point is necessary because it is the essence of the attack. The other two points complement it by making the user fall blindly into the trap. The batch script is really simple; it can be written in a text editor and saved with the BAT extension:
@echo off
echo xx.xxx.xxx.xx www.company.com >> %windir%\system32\drivers\etc\hosts
echo xx.xxx.xxx.xx company.com >> %windir%\system32\drivers\etc\hosts
exit

To test it, run the script and then check the hosts file at the following path:
%windir%\system32\drivers\etc\hosts.

Next, we enter the address www.company.com in any browser and it should automatically redirect to the IP xx.xxx.xxx.xx. The following steps consist of adding an additional file (an image, for example) to make it look like a postcard, changing the icon of the executable and obfuscating the code to make it undetectable to antivirus software.


To protect yourself from a pharming attack, make sure you:

Install a firewall. Hackers send pings to thousands of computers and then wait for responses. A firewall won't let your computer answer a ping. The firewalls of some operating systems are "off" by default, so make sure your firewall is turned on and updated regularly.

Use comprehensive security software that includes a firewall and scans your computer for spyware. It also protects your smartphones and tablets. Make sure to keep your security software updated.
