Pharming

Pharming redirects you from a legitimate website to a bogus copy, allowing criminals to steal the information you enter.

Pharming exploits the way that website addresses are composed.

Each computer on the internet has a numerical “IP address”, e.g. 127.0.0.1. However, these are not easy to remember, so web addresses also have a domain name, like sophos.com. Every time you type in an address, the domain name has to be turned back into the IP address. A DNS or Domain Name Server on the internet handles this, unless a “local host fi le” on your computer has already done it.

Hackers can subvert this process in two ways. They can send out a Trojan horse that rewrites the local host fi le on your PC, so that it associates the domain name with a bogus website. You are then directed to that site, even though you enter the correct address. Alternatively, they can “poison” the DNS directory, i.e. alter it so that anyone who tries to visit that address is directed to the bogus site.

To avoid pharming, make sure that you use secure web connections when you access sensitive sites. Just look for the https:// prefi x in the web address. If a hacker tries to mimic a secure site, a message will warn you that the site’s certifi cate does not match the address being visited.

If you see a warning that a site’s certifi cate is not valid or not issued by a trusted authority, you should not enter the site.

There are also software solutions. Some software can display a warning if you enter personal information in reply to an unknown email address. Other utilities can check to see if websites or IP addresses are blacklisted.

Sophos.com