Home / Blogs

What is ‘Pharming’ and Should You Be Worried?

The sky is falling! The sky is falling! ...or is it?

What is this thing called “pharming”? Put simply, it’s redirection of web traffic, so that the server you think you’re talking to actually belongs to a criminal. For example: you think you’re talking to www.examplebank.com because it says so in the browser’s address bar, but actually you’re connected to www.mafia-R-us.ru.

This can happen in three main ways:

  1. DNS Hijack: a social engineering attack on the Internet infrastructure. Criminals pretend to be the domain owner and have the bank’s name re-pointed to their servers.
  2. DNS Poisoning: as above, but a technical attack, taking advantage of possible bugs in the DNS.
  3. Malware: a virus, worm, Trojan, or piece of spyware could redirect traffic, usually by writing to the Hosts file, thus circumventing the DNS altogether.

None of these issues are new. This is unlikely to become as big a problem as phishing. Beware of scare-mongers looking for cheap publicity.

So this isn’t as big a problem as some people believe. Let’s examine the reasons in more detail, and provide some actionable recommendations for organizations. While I’m at it, I’ll also take the lazier banks to task for not doing more to protect their customers from phishing and pharming attacks.

The fundamental reason that this isn’t as big a problem as some believe is that it’s not a new problem. In other words, we’re not starting from ground zero. It’s not like the phishing problem, in that respect.

Here’s why we needn’t worry too much about each of the three redirection methods above:

There were two high-profile DNS hijacking cases recently: suffered by Panix and eBay Germany. Neither of these cases would have happened if the correct, standard procedures had been followed by the respective domain registrars. The very fact that they did happen will cause domain registrars the world over to more carefully follow existing procedures.

DNS poisoning relies on hackers finding security holes in the DNS infrastructure. Such potential security problems are rare, and tend to be quickly fixed. The weakest point is likely to be local DNS caches in firewall products. Organizations using such features should ensure that they have processes in-place to ensure that they are always up to date with security patches.

Most organizations and individual consumers now recognize the need for anti-virus scanning. Increasingly, they are also recognizing the need for anti-spyware scanning. Such scanners mitigate the malware risk. Organizations without a strategy to filter all types of malware (not just classic viruses) should develop and implement one.

Finally, and perhaps most importantly, we should critically examine the security of the banks and other websites that pharming and phishing seek to attack. For example, a surprisingly large number of banks still rely on a simple username/password combination; many of them claim that users will not accept the additional burden of stronger authentication methods. This is a lazy and complacent attitude. (I recently wrote a report for Ferris Research, Phishing: What To Tell End-Users, which included several other recommendations for banks and other websites, to help them phoil phishers.)

While malicious redirection is a significant potential issue for internet users, recent PR-led activities risk blowing the severity out of proportion.

By Richi Jennings, Independent Consultant

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign