Pharming

Pharming utilizes "unauthorized changes to DNS entries which result in users being redirected to a spoofed, malicious website rather than the legitimate site they were attempting to reach." Like phishing, pharming is often used to steal private financial or personal information.

Public Perception
The practice of pharming is much less well known than that of phishing, and there seems to be some confusion on what is considered pharming vs. phishing. However, the concept of pharming is viewed by the public very negatively and is also frequently associated with criminal intent.

Outcome
This practice can result in identity theft, fraud, and hacking.

Historical Use
Frequently, the goal of pharming is to gain access to personal information, and this goal can be accomplished in multiple ways. Pharming can use malicious code to change a computer's host files in order to direct the user to a fake website that looks like the site they were trying to reach. It can also attack the DNS server directly through DNS hijacking or DNS cache poisoning, which allows pharmers to send users to websites they control.


 * DNS hijacking or DNS cache poisoning is viewed as a large security threat because the website's URL looks exactly like it is supposed to, which can trick the user into thinking they are on the real site. Pharming that uses DNS hijacking also will not be detectable with anti-malware software "because nothing need be technically wrong with the end users' computers." Additionally, in this kind of attack, many computers and networks can be sent to the pharmer's fake site through the compromised DNS server.


 * In some cases, DNS cache poisioning has been associated with forms of Internet censorship, where the DNS information of censored websites are redirected to an approved source. For more information on DNS hijacking and cache poisoning, see the Additional Resources section.

ICANN Policy
ICANN has no direct policy addressing pharming, but it does recognize the importance of implementing security measures to protect the DNS from hijacking or manipulation.


 * The use of DNSSEC or DNS Security Extensions may help guard the DNS from attacks and artificial manipulation, like those used in pharming. The goal of DNSSEC is to limit an "attacker's ability to redirect users using the DNS." In order to do this, DNSSEC employs a digital signing system so that each DNS record or entry in the root zone can be verified as genuine. This system would allow people to identify pharmed or poisoned records.

Legislation
There is no legislation directly addressing pharming in the US; however, as its outcomes can be very similar to phishing, pharming does fall under some state anti-phishing laws. For example, in Utah phishing, pharming, and other Internet frauds are addressed in one bill. Also, because pharming concerns the theft of sensitive personal or financial information, it can be viewed before the law as fraud, identity theft, or in the case of a spoof website, trademark infringement.

DNS Award
Awardees monitor and guard against security threats, such as pharming.

Additional Resources

 * Learn more about How DNS Cache Poisoning Works with these slides or the corresponding article.
 * Read tips on How to Avoid Pharming Websites
 * Find out How to Report Pharming to the FTC

Related Articles

 * DNS Hijacking
 * Malware
 * Phishing