What is a Pharming Attack?
There are several ways to carry out a pharming attack. One of the simplest and least sophisticated is to modify the hosts file. This file stores IP address to domain name mappings to speed up surfing and avoid consulting a DNS server. For example, if the hosts file contains: XXX.XXX.XXX.XXX Company.com then every time the user enters Company.com into the browser, the PC won't consult a DNS server; it will consult the hosts file first and, if it finds this domain name, it will take the IP address XXX.XXX.XXX.XXX, which is a counterfeit website where the attacker steals the credentials through a phishing attack.
To carry out a pharming attack, three things are needed:
1. A batch script to write the malicious IP and domain names into the hosts file.
2. A joiner to bind this batch file to another file (image, video, music, etc.) in an executable EXE, along with an appropriate icon, to socially engineer and trick the user.
3. Any software in charge of making the generated executable undetectable to the anti-virus.
The first item is necessary because it is the essence of the attack. The other two complement it by making the user fall blindly into the trap. The batch script is really simple: it can be written in a text editor and saved with the BAT extension:
echo xx.xxx.xxx.xx http://www.company.com >>
echo xx.xxx.xxx.xx company.com >>
To test it, it just has to be executed and then the hosts file can be checked in the following path:
Next, we enter the address http://www.company.com in any browser and it should automatically redirect to the IP xx.xxx.xxx.xx. The following steps consist of adding an additional file (an image, for example) to make it look like a postcard, changing the icon of the executable and obfuscating the code to make it undetectable to anti-virus software.
To protect yourself from a pharming attack, make sure you:
- Install a firewall. Hackers send pings to thousands of computers, and then wait for responses. A firewall won’t let your computer answer a ping. The firewalls of some operating systems are “off” by default, so make sure your firewall is turned on and updated regularly.
- Use comprehensive security software which includes a firewall and scans your computer for spyware. It also protects all your smartphones and tablets. And make sure to keep your security software updated.
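As an added example (not part of the original article), the following Python code audits a hosts file for the kind of tampering described above: static entries that override a domain you sign in to, or that point any name at a non-local address. The sample file contents, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file; addresses and names are illustrative.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.company.com company.com
0.0.0.0        ads.example.net
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IPv4/IPv6 address; skipped here
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]

def audit_hosts(text, watched_domains):
    """Return (line_no, ip, name, reason) for entries that deserve review."""
    watched = {d.lower() for d in watched_domains}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified  # typical localhost/blocklist targets
        for name in names:
            if name in watched or any(name.endswith("." + d) for d in watched):
                # Any static entry for a domain you log in to bypasses DNS entirely.
                findings.append((line_no, str(ip), name, "watched domain overridden"))
            elif not local:
                findings.append((line_no, str(ip), name, "static mapping to non-local address"))
    return findings

if __name__ == "__main__":
    # Pass the path of the hosts file to audit; without one, the sample above is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in audit_hosts(text, ["company.com"]):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it periodically with the list of domains you authenticate to; a clean hosts file normally produces no findings for those domains.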
What is Phishing?
What is Spear Phishing?
Spear phishing is a type of phishing in which the target users are specifically identified. For example, the attacker may research the email addresses of the Chief Executive Officer (CEO) of a company and other executives and phish only these people. Spear phishers research their victims in detail in order to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful.
How to get rid of this attack?
- It’s easy for phishers to create fake websites that look like the genuine article, complete with the logo and other graphics of a trusted website.
- If you’re not at all sure about a website, do not sign in. The safest thing to do is to close and then reopen your browser, clear your cache/history and then type the URL into your browser’s URL bar. Typing the correct URL is the best way to be sure you’re not redirected to a spoofed site.
- Give a fake password. If you’re not sure if a site is authentic, don’t use your real password to sign in. If you enter a fake password and appear to be signed in, you’re likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don’t assume the site is legitimate.
- Use a Web browser with antiphishing detection. Web browsers such as Internet Explorer and Mozilla Firefox have free add-ons (or “plug-ins”) that can help you detect phishing sites.