Warning for On-Line Bankers

[Abigail]

Hackers strike again: 'Pharmers' targeting online bank users with new scam

By Jane Larson

Gannett News Service

Protect yourself

• It's difficult to detect and prevent pharming scams because they are largely transparent to personal computer users. The scams exploit weaknesses in the Domain Name System, or DNS, servers operated mainly by Internet service providers (ISPs). ISPs can provide the most robust protection by adding an additional layer of security to their DNS servers to thwart pharming.

• Until that happens, Windows XP and 2000 users should consider installing the free Netcraft Toolbar for Internet Explorer, which reports the country of origin of any Internet server to which you are connected.

• You may download the Netcraft Toolbar and read a tutorial about how to use it at http://toolbar.netcraft.com.

It's the next Internet scam, and it could be the most menacing.

The reason: Even experienced Internet users can become victims and not know it.

The ploy is called pharming - a play on "phishing," another type of Internet fraud - and it involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same.

Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or credit-card firm. And it potentially can affect thousands of users at a time.

"With pharming, you don't have to do anything stupid to get on the hook," said Tom Leighton, chief scientist of Internet software firm Akamai Technologies Inc. in Cambridge, Mass. "You're just swimming along, and you get caught in the net."

It is just a matter of time before the scam becomes widespread, experts fear.

"If it didn't get worse, it would buck the trend of all known security problems," said David Jevans, a Silicon Valley executive who is chairman of the fraud-fighting Anti-Phishing Working Group.

The scam is so new that Internet security gurus have just started warning about it.

Leighton told a technology conference in December that hackers are targeting small sections of the Internet and rerouting traffic to fake bank sites to capture users' passwords. The legitimate sites don't notice the drop in Web traffic because it is just a fraction of the total.

An anti-phishing bill introduced in Congress last month also would apply to pharming. It calls for prison time and fines for those caught either phishing or pharming.

Security experts say pharmers have two main ways of operating: attacking either users' computers or the large servers that find Web sites for users.

The first way is to send virus-laden e-mails that install small software programs on users' computers. When a user tries to go to his bank's Web site, the program redirects the browser to the pharmers' fake site. It then asks a user to update information such as logons, PIN codes or driver's license numbers, said Chris Faulkner, chief executive officer of CI Host Inc., a Web-hosting firm in Bedford, Texas. Scammers use the information to steal identities.

Other viruses, called keyloggers, track a user's keystrokes on legitimate sites and can be used to steal passwords.

The pharmers' second method takes advantage of the fact that Web sites have verbal names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site.

Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address.

The servers can belong to financial institutions, Web-hosting companies or Internet service providers. This tactic, called DNS poisoning, has been around for years, but it is only in the past six months that techies have seen it used for identity theft and dubbed it pharming.

"It's like the name sounds," said Rami Habal, senior product manager at Proofpoint Inc., a Cupertino, Calif.-based e-mail security software firm. "They're planting the seeds of malicious code and harvesting the identity information later."

What alarms the experts is that pharming can reroute thousands of Internet users at a time, making the impact potentially huge.

"With phishing, you're scamming one person at a time with e-mail," Faulkner said. "Pharming allows you to scam a large group at once."

Pharmers generally come from overseas, such as China, Russia and Eastern Europe, experts say. They fear many are tied to organized-crime rings that buy and sell identity information.

Companies and big organizations can reduce the threat by keeping their software updated and patched. They also can install firewalls, filter for known scams, and watch for changes in Internet protocol addresses on their servers, the experts said.

Anti-pharming software is in the works.

[CM]

This is why I don't keep anything important on my computer anymore. We used to do online banking and bill paying but stopped a long time ago. I just don't know enough to keep the crooks away.

I suppose some have to use the comp for important stuff. Man, they got to be well informed and protected all the time.

[Steve!]

Umm, I wouldn't go installing any toolbars just yet.

Most of the toolbars out there are spyware.

Also, if you have your firewall up and running, keyloggers are not such a problem. A firewall will not allow unauthorized outbound traffic.

[CM]

This is from one of the virus protections I use and it will clean your comp of what it finds for free using the online virus scan. It found one when I ran it recently and cleaned it with no strings attached.

I'm not trying to sell you on their product but they are.

--

Dear Friend:

Don’t be the next victim. While you were sleeping, a new suite of Internet threats has been brought into the world. These are not viruses per se, but will strike and can cause much damage to your pocket book, and put you in a position where your vital information is on the auction block to the highest bidder.

You may have heard of the term Internet Phishing. This is where spam e-mail or pop-up messages trick you into disclosing vital personal information. It is a horrible and unwholesome event to experience, and up til now not much could be done about it. Like Phishing, Pharming will ultimately put your vital information in the hands of the perpetrator. However Pharming is more insidious, it is intuitive and less intrusive than Phishing and thus more dangerous.

Pharming is the misdirection of your browser. This is accomplished in two ways; the first is domain hijacking, and the second is called browser hijacking.

In both cases what this means is instead of you going to a trusted site to transact – your personal data is being harvested by the hijacker on a mock-up of that site.

It can involve a worm or a Trojan horse gaining access to your computer to exploit a vulnerability in the browser that allows fake URLs in the address bar.

In a recent survey conducted by CNET, 36 percent of those people that participated considered their computer to be their best friend. I don’t know if my computer is my BEST friend, but it is a darn good one. One that helps with my work all day, helps me stay in touch with friends and family in my off time and helps me to locate entertainment on weekends. A darn good friend, one that I hate to see “sick” (understand that this is purely a selfish thing).

I’m guessing that you feel the same, and this is the reason that I am offering you a 20% discount on Titanium Antivirus 2005.

Panda Titanium Antivirus 2005 is the best solution to prevent your vital information from being harvested by these Internet parasites. It will also block malicious content displaying misleading information trying to capture your information.

Travel far-- stay safe,

Tiare

Tiare Widmaier

Director of E-Commerce

Panda Software, U.S.A.

[pawtucket]

if you use firefox, they have a plugin that tells you what site you are REALLY on. It is pretty accurate. I have been using it for a while now.

[Ttessa]

Paw

I've been using Mozilla for some time now - love it. What is the name of that plug=in?

[WordWolf]

If you mean "SpoofStick",

I use it, but it's capable of being fooled-and I've seen it fooled

myself.