The poor man's pharm

InfoWorld - DNS poisoning requires elite hacking skills, which is why most analysts believe it falls short of a large-scale threat. But before you get too complacent, take notice of the poor man's pharm, a less sophisticated and far less costly way to hijack Web page requests and forward unsuspecting users to counterfeit sites.
Instead of harvesting requests from a DNS server, the "retail" version of pharming is a desktop affair in which a user unwittingly downloads spyware, a Trojan horse or a virus. This malware simply intercepts Web site requests and shunts the user to a bogus Web site. The rest is the now too familiar game of capturing your personal information and then redirecting you to the authentic site. Some say such low-rent pharming accounts for the vast majority of incidents.
"The bad guys are always trying to stay low enough in the food chain to escape notice but high enough to make money," explains Sam Curry, vice president of eTrust security management at Computer Associates Internation Inc. You can't get much lower than the desktop, but a rich score of user log-ins and passwords make the rewards high enough.
The simplest and best way to protect against the poor man's pharm is to ditch Microsoft Corp.'s Internet Explorer browser, said Dan Golding, an analyst at Burton Group. "IE is hugely susceptible to spyware," Golding said. "Use Firefox or another alternate browser."
Golding also said you can protect against low-rent pharming by simply employing the common-sense measures of running anti-spyware and antivirus software frequently. In addition, Curry said, every PC should have a personal firewall.
Another technique, somewhere between DNS poisoning and desktop hijacking, involves search engines. This scam takes advantage of the fact that users forget URLs -- for a bank Web site, for example. The user conducts a search on Google, gets a page of results, and clicks the first one that looks right. But in fact it's a bogus site.
"If you can tag your site so it shows at the top of a search query result page, you can be in the pharming business," said Jim Stickley, chief technology officer and co-founder of TraceSecurity. "This is what legitimate businesses do all the time -- namely, optimize their sites for various search engines."
Ken Silva, chief security officer at VeriSign Inc., said one of the best ways to defend against this and all other pharms is to educate users.
Some analysts, however, said enterprises have not done their job on this score. "Financial institutions are still primarilylooking to vendors like Symantec for protection," said Sophie Louvel, an analyst at IDC. For example, Golding said, one large national bank all but ignored a major phishing scam last year.

Reprinted with permission from

For more enterprise computing news, visit Infoworld.com
Story copyright 2006 InfoWorld Media Group, Inc. All rights reserved.