Pharming a Scary Harvest - Pharming in the News
(Page 2 of 4 )
Two separate stories about pharming that might be referring to the same incident were reported by Host Search and donga.com. According to the Host Search story, the malicious hacker or hackers took advantage of a flaw in Microsoft software to go after the customers of 50 banks around the world. In a type of attack we've seen many times before, the victims were directed to a web site that forces a vulnerable computer to download a Trojan horse. The nasty file would download five more files from a server in Russia. Servers in three other countries were also hosting the malware.
The hackers had sites that looked just like those of financial institutions all ready for the victims. Anyone using an infected computer to visit the legitimate versions of those sites would be redirected to the bogus ones. If they attempted to log in, they divulged their names and their passwords to the attackers.
The story from donga.com reported more than 65 financial institutions as falling victim to the attack, including British bank Barclays, American Express, Discover, eBay, and PayPal. The attack began on February 19 in Australia and spread around the world. By February 22, the fake sites had been shut down.
The attack was spread by a bogus email that reported the Australian Prime Minister had suffered a heart attack. Websense security firm stated that it included keylogger and phishing components. At the time Websense reported the attack, there were around 2,500 victims. Going back to donga.com's report, "The users who read the e-mail were infected with Trojan horse viruses, leading to the artificial change of the host file that connects internet addresses."
If these kinds of attacks sound familiar, that's because they aren't completely new. They've also been referred to as "DNS cache poisoning" attacks because they involve the compromise of domain name system servers - the computers responsible for taking URLs and resolving them into the correct addresses. The technique was first outlined in 1993 in a paper released by Christoph Schuba entitled "Addressing Weaknesses in the Domain Name System Protocol." CNet reported on the problem back in mid-2005. Needless to say, it hasn't gone away.
More Web Hosting News Articles
More By Terri Wells