
Pharming

Last Edit: 10/01/17

Pharming is similar to phishing, the better known of the two security threats. Whereas pharming attempts to spoof website content, phishing spoofs email messages (some are MMF chain mail). Spoofing is the practice of making a digital communication appear to come from one source - an official source - when it was actually created elsewhere and is a fake.

Therefore, simply put, pharming works in the following manner: when an individual enters the URL (address) of a website - of a bank, for example - the browser does not load the correct/official website but is redirected to a spoofed/fake version of it. The purpose behind pharming is to harvest login information, which can be used for nefarious purposes.

There are a number of techniques which can be employed to 'pharm', but by far the most obvious of them is the manipulation of a host file. A host file is simply a text file which is stored in a folder within an operating system. The location of the host file differs for each operating system. Host files have been used by computers connecting to computer networks since the creation of ARPANET (forerunner to the Internet). The purpose of a host file is to map one or more hostnames to one or more IP addresses: a hostname is a label (name) given to a device which connects to a computer network.

The World Wide Web is a document service on the Internet which uses domain names to provide the address of documents (hypertext documents called webpages). Domain names are used within hostnames and are assigned to IP addresses. A web browser is a software application which is used to locate and display webpages; a web browser will consult a host file to locate the address of documents on the World Wide Web.

The result of all this is that if a malicious individual is capable of manipulating the host file, they can provide a web browser with incorrect information. When a host file has been manipulated and a browser looks for the hostname/domain name/address of a banking website, it will be given the incorrect address and will be redirected to a spoofed version of the website. The spoofed version will look identical to the official version, but has been created to steal information.