pharming

Comprehensive study notes, diagrams, and exam preparation for pharming.

Pharming

Definition

Pharming is a sophisticated cyberattack technique that redirects a website's traffic to a fraudulent, malicious website, even if the user has typed the correct URL into their web browser. Unlike phishing, which relies on the victim clicking a malicious link, pharming operates by corrupting the system that translates human-readable domain names into machine-readable IP addresses.

Main Content

1. DNS Poisoning

  • DNS (Domain Name System) acts as the "phonebook" of the internet, mapping website names (like www.google.com) to specific IP addresses.
  • Pharmers corrupt the DNS cache on a local server or a user's computer, causing the computer to retrieve the wrong IP address for a legitimate site.

2. Host File Modification

  • Every computer has a "hosts" file that maps hostnames to IP addresses locally.
  • Attackers use malware to gain access to a victim's device and secretly update this file, forcing the browser to load a fake site instead of the real one.

3. Traffic Redirection

  • Once the user is redirected, the attacker displays a mirror image of the legitimate website (e.g., a bank login page).
  • The user, believing they are on the correct site, enters sensitive credentials like passwords or credit card numbers, which are then captured by the attacker.

Working / Process

1. Infection and Access

  • The attacker infects a victim's device or a DNS server with malware.
  • This malware grants the attacker administrative privileges, allowing them to alter system-level configurations.

2. Manipulation of Address Translation

  • The attacker modifies the DNS settings or the local hosts file.
  • The system is now configured to point the browser toward the attacker's malicious server instead of the authentic destination.

3. Execution of the Deception

  • The victim enters a URL; the browser checks the corrupted data and routes the request to the fake site.
  • The user interacts with the fake interface, unknowingly sending sensitive data directly to the attacker.

[User Types URL] -> [Corrupted DNS/Hosts File] -> [Malicious Server]
       |                                                  |
 (Normal Path)                                   (The Pharming Path)
       v                                                  v
[Legitimate Website]                           [Attacker's Fake Page]
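As an added example that is not part of these notes, the following Python script simulates the resolution order described under "Host File Modification" and in the process steps above, and shows the check a defender would run against it: it parses a constructed hosts file, resolves a name the way a stub resolver does (hosts file first, then the cached DNS answer), and flags any answer that disagrees with a trusted answer set. Every hostname, address and the TRUSTED_ANSWERS table are constructed placeholders, and the detection logic is an illustration rather than the behaviour of any particular product.

```python
import ipaddress

# Constructed sample hosts file (not a real file): the last line is the kind of
# entry pharming malware plants so that a bank's name resolves to the attacker's server.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# constructed example of a planted entry:
203.0.113.10   www.example-bank.test example-bank.test
"""

# Constructed trusted answer set: what a known-good resolver (for example one
# reached over DNS-over-TLS) or an internal allow-list says these names map to.
TRUSTED_ANSWERS = {
    "www.example-bank.test": {"198.51.100.20", "198.51.100.21"},
    "example-bank.test": {"198.51.100.20"},
}


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments ('#' to end of line) and blank lines are ignored; a later line for
    the same name overrides an earlier one, matching common stub-resolver behaviour."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed address field: skip the line
        for name in parts[1:]:
            mapping[name.lower()] = ip
    return mapping


def resolve(name, hosts, dns_cache):
    """Resolve `name` in the order a typical stub resolver uses: hosts file
    first, then the cached DNS answer. Returns (ip, source) so the caller can
    see which layer answered; a tampered entry in either layer wins."""
    name = name.lower()
    if name in hosts:
        return hosts[name], "hosts"
    if name in dns_cache:
        return dns_cache[name], "dns-cache"
    return None, "unresolved"


def audit(name, hosts, dns_cache, trusted=TRUSTED_ANSWERS):
    """Defender's check: resolve the name locally and compare the answer with
    the trusted set. Names with no trusted entry are not judged."""
    ip, source = resolve(name, hosts, dns_cache)
    expected = trusted.get(name.lower())
    suspicious = ip is not None and expected is not None and ip not in expected
    return {"name": name, "ip": ip, "source": source, "suspicious": suspicious}


def hosts_overrides(hosts, trusted=TRUSTED_ANSWERS):
    """Any hosts-file entry for a monitored public name is itself a finding:
    clients are expected to reach such names through DNS, not the hosts file."""
    return sorted(name for name in hosts if name in trusted)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    # Constructed cache: the first answer is genuine, the second is poisoned.
    cache = {
        "example-bank.test": "198.51.100.20",
        "www.example-bank.test": "203.0.113.99",
    }
    for n in ("www.example-bank.test", "example-bank.test", "localhost"):
        print(audit(n, hosts, cache))          # hosts file answers first
    print(audit("www.example-bank.test", {}, cache))  # clean hosts, poisoned cache
    print("hosts-file overrides:", hosts_overrides(hosts))
```

Both detection functions express the same idea: a local answer that a trusted source would not give is the observable symptom of pharming, regardless of whether the hosts file or a cached DNS record was altered. In practice the trusted set would come from a resolver the client authenticates (DNS over TLS or HTTPS, or DNSSEC-validated answers) rather than a hard-coded table.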

Advantages / Applications

  • For cybercriminals, this technique is highly effective because it does not require the user to "take the bait" by clicking a suspicious link.
  • It allows attackers to target a wide range of users simultaneously by compromising a single high-level DNS server.
  • It is often used for large-scale credential harvesting, identity theft, and financial fraud.

Summary

Pharming is a malicious cyber threat that intercepts internet traffic by corrupting DNS records or local system files, leading users to fraudulent websites without their knowledge. It is a dangerous form of digital deception that bypasses traditional security warnings. Important terms to remember include DNS (Domain Name System), DNS Cache Poisoning, Hosts File, and IP Address Spoofing.