Easy Online Tips

Monday, February 20, 2006

Pharming for Dollars - Lucrative for Some, Costly to Most

Remember the old farmer's joke:
Q. How do you make a million dollars farming?
A. Start with three million dollars.

While too true to be very funny for a traditional farmer, those numbers may be just the opposite when talking about pharming. This online fraud technique poses a growing threat, and a little investment by its perpetrators can prove very costly to its victims.

Many are familiar with phishing, which is the act of sending an e-mail that falsely claims to be from a legitimate business, in an attempt to trick the recipient into giving away account information, such as passwords. When this is accomplished by hacking, it's called pharming. Pharming is relatively new, but the end result is one of the oldest: financial fraud.

Jamz Yaneza, Trend Micro Incorporated Senior Threat Analyst, said that pharming is probably the most difficult fraud to perpetrate. It entails redirecting traffic at the DNS (Domain Name Server; the Internet version of a building directory) level and capturing this data stream for profit. Pharming poses a threat to online business by eroding trust between entities, thus preventing transactions from happening.

"As people move towards paper-less offices, these online threats can become bottlenecks to progress. Imagine what would happen if people couldn't do online trading, go to online auctions, and basically avoid sending e-cards?" asked Yaneza.

While most anti-phishing solutions are end-point oriented, protecting against pharming involves maintaining data traffic flow while preventing its redirection.

"In traffic redirection there are two ways in which this could be implemented that we see today: modification of the Windows HOSTS file and DNS spoofing or poisoning," said Yaneza.

"The first one, HOSTS modification, is part and parcel of most worms that are out in the wild. It can usually be remedied via anti-virus utilities and services."
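The HOSTS-file redirection described above can be checked for directly. The following is an added example, not code from the article or from Trend Micro: it parses hosts-file text and reports names pinned to non-local addresses. The watched domain `bank.example` and the sample file contents are constructed placeholders.

```python
import ipaddress

# Hostnames worth protecting; "bank.example" is a placeholder, not a real site.
WATCHED = {"bank.example"}
# Names a stock hosts file maps locally.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.45   www.bank.example    # constructed malicious pin
192.0.2.10     intranet.corp.example
0.0.0.0        ads.tracker.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) per mapping line, ignoring comments and blanks."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: malformed line, skip it
        yield line_no, ip, [f.lower().rstrip(".") for f in fields[1:]]

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, ip, severity) for names pinned to non-local addresses."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # local or sinkhole entry, not a redirect to another host
        for name in names:
            if name in BENIGN:
                continue
            hit = any(name == w or name.endswith("." + w) for w in watched)
            findings.append((line_no, name, str(ip), "HIGH" if hit else "REVIEW"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts`. A `REVIEW` finding is not necessarily malicious, since administrators sometimes pin internal names on purpose.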

DNS modification is usually done on a targeted level, say at a particular ISP or enterprise, where a compromised server with administrative rights is online, thus requiring a vigilant administrator to monitor networks against intrusion.

