[virusinfo] Panda Software reports the emergence of pharming as a serious threat to users - 3/23/05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 25 Mar 2005 16:39:12 -0800

From Oxygen3:

"You can fool some of the people some of the time,
                 you can fool some of the people all the time,
                but you can't fool all the people all the time".
                  Abraham Lincoln (United States, 1809-1865),
                  President of the United States of America

- Panda Software reports the emergence of pharming as a serious threat to
users -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 23, 2005 - Panda Software is now warning of the emergence
of a sophisticated and dangerous new online fraud technique: pharming.

Pharming involves altering DNS (Domain Name System) addresses so that the
web pages that a user visits are not the original ones, but others created
specifically by cyber-crooks to collect confidential data, especially
information related to online banking. 

Pharming attacks can be carried out directly against the DNS server, in
such a way that the change of address will affect all users accessing this
server while they browse the Internet, or they can be carried out locally,
i.e. on individual PCs.  This second scenario is much more dangerous, not
just because it is more effective, but because it is easier for attackers.
They only need to take two actions: modify a small file, called hosts,
which can be found in any computer running Windows and using Internet
Explorer to access the Internet; and create a false web page.  The hosts
file stores a small table with the server names and IP addresses most
commonly accessed by the user, so that it is not necessary to access the
DNS server to convert Internet addresses (URLs) into IP addresses.  If this
file is overwritten, for example, with false addresses for online banking
pages, whenever a user types the name of this bank in the browser he will
access the page created by the hacker, which has exactly the same
appearance as the genuine page. The unsuspecting victim could then enter
confidential data, unaware that it is really falling into the hands of the
cyber-crook.

The hosts file can be edited directly by the hacker (by remotely accessing
the system) or by using malicious code, normally Trojans such as some
variants of the Bancos, Banker and Banbra families. Pharming attacks can
also be perpetrated by exploiting any software vulnerability that gives
access to the system files.

Panda Software is offering the following advice to users to help prevent
them falling victim to pharming attacks:

- Use anti-malware software combining proactive and reactive detection
systems: the simplest way of manipulating a computer so that it becomes the
victim of a pharming attack is by using malicious code, generally Trojans.
It is highly advisable to use proactive protection systems that can
pre-empt threats and block them simply by analyzing their behavior.
 
- Install a personal firewall: this precaution will prevent a hacker from
entering the computer through an unprotected communication port and
modifying the system. 

- Frequently update the software installed on the computer or have
automatic update systems enabled to ensure there are no vulnerabilities
that can be exploited in order to launch these kinds of attacks.


------------------------------------------------------------ 

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner: 1)Netsky.P; 2)StartPage.FH; 3)Mhtredir.gen;
4)Downloader.GK; 5)Shinwow.E.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


