Identity Thieves’ New Ploy: Pharming

 

2

 

How do people pharm?

 

Pharming scams take a few different forms: Attackers could use malicious code, such as a virus, planted on a user’s PC to track keystrokes or change a computer’s settings to take users to fraudulent copies of the legitimate Web sites they request, said Gary Steele, CEO of e-mail security company Proofpoint. Hackers could also target any of the 13 “root” DNS servers that route all Internet traffic.

 

VeriSign operates two of the root servers, handling 14.5 billion DNS queries a day for the .com and .net addresses it oversees. The company said security is tight on those servers, which are considered “national IT assets” by the federal government.

 

Peter Delgrosso, spokesman for United Online, which operates Internet service providers NetZero and Juno, said pharming was not yet a problem for them, but that it “certainly warrants our close attention.”

 

“This is not anywhere as big as phishing,” said Dave Jevans, chairman of The Anti-Phishing Working Group. “This requires technical sophistication.”

 

Don’t panic -- yet

 

Some experts downplay the threat, but signs of pharming are popping up.

 

In March, attackers exploited a vulnerability in Symantec firewalls to redirect users typing in google.com, eBay.com and weather.com to three malicious sites, according to the Internet Storm Center security Web site. Symantec quickly issued a fix to solve the problem.

 

Phillip Hallam-Baker, principal scientist at VeriSign, said potential damages from pharming depend on the level of response from those working with DNS technology.

 

“If we don’t take DNS security seriously,” he said, “at some point we’re going to get clobbered.”

Vocabulary Focus

malicious (adj) [mE5liFEs] intended to harm or upset other people

warrant (v) [5wCrEnt] to make something necessary; to justify

downplay (v) [5daunplei] to make something seem less important or less bad than it really is

clobber (v) [5klCbE] to defeat completely

 

Specialized Terms

firewall (n) 防火墙 a device or program that stops people from accessing a computer without permission while it is connected to the Internet

身份窃贼新伎俩：网址嫁接

2

网址嫁接如何进行？

盖瑞·斯蒂尔是电子邮件安全公司Proofpoint的执行官，他说网址嫁接诈骗案有几种形式：攻击者可将病毒等有害的程序码植入使用者个人计算机，以追踪键盘输入内容或篡改计算机设定，将使用者导向所要登上的真实网站的诈骗版本。黑客也可能攻击处理互联网络路由通信的13个“根”域名服务器中的任何一个。    

VeriSign 经管两个根域名服务器，每日为所管理的.com 及.net网址处理145亿笔 DNS 查询。该公司说美国联邦政府视这些服务器为“国家级信息科技资产”，因此安全措施严谨。    

United Online经营互联网络服务业者 NetZero 及 Juno。公司发言人彼得·德格苏说网址嫁接对该公司而言尚不是问题，“但的确值得密切注意”。  

反网钓工作集团董事长大卫·杰凡斯说：“网址嫁接不如网络钓鱼猖獗，它需要用到精密技术。”

 

暂时不须恐慌   

有些专家对这种威胁淡化处理，但是网址嫁接的迹象不断出现。   

网络安全监督网站互联网络风暴中心指出，攻击者于3月间利用诺顿防火墙的一个弱点，将输入 google.com、eBay.com 及weather.com 网站的使用者引导至3个怀有恶意的网站。诺顿立即发布修复程序以解决问题。   

VeriSign 首席科学家菲利普·何蓝贝克说，网址嫁接的潜在伤害取决于处理DNS技术人员的反应认真程度。   

他说：“我们若不将DNS的安全问题当一回事，终有彻底被打败的一天。”