Pharming is yet another way hackers attempt to manipulate users on the Internet. While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.
While a typical website uses a domain name for its address, its actual location is determined by an IP address. When a user types a domain name into his or her Web browser’s address field and hits enter, the domain name is translated into an IP address via a DNS server. The Web browser then connects to the server at this IP address and loads the Web page data. After a user visits a certain website, the DNS entry for that site is often stored on the user’s computer in a DNS cache. This way, the computer does not have to keep accessing a DNS server whenever the user visits the website.
One way that pharming takes place is via an e-mail virus that “poisons” a user’s local DNS cache. It does this by modifying the DNS entries, or the hosts file. For example, instead of having http://www.apple.com direct to the IP address 18.104.22.168, a poisoned entry may direct it to another website determined by the hacker. Pharmers can also poison entire DNS servers, which means any user who uses the affected DNS server will be redirected to the wrong website. Fortunately, most DNS servers have security features to protect them against such attacks. Still, they are not necessarily immune, since hackers continue to find ways to gain access to them.
While pharming is not as common as phishing scams are, it can affect many more people at once. This is especially true if a large DNS server is modified. So, if you visit a certain website and it appears to be significantly different than what you expected, you may be the victim of pharming. Restart your computer to reset your DNS entries, run an antivirus program, then try connecting to the website again. If the website still looks strange, contact your ISP and let them know their DNS server may have been pharmed.
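A restart clears the DNS cache, but entries written to the hosts file persist, so that file is worth checking directly. The Python code below is an added example, not part of the original article: it parses hosts-file text and reports entries that override DNS for a watched domain. The function names, the watch list, and the sample addresses are constructed for illustration.

```python
import ipaddress

# Names a default hosts file legitimately defines.
BENIGN = {"localhost", "localhost.localdomain", "broadcasthost",
          "ip6-localhost", "ip6-loopback"}

# Constructed sample; addresses are from documentation-reserved ranges.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
# 198.51.100.7 www.apple.com
203.0.113.66  www.apple.com apple.com
0.0.0.0       login.example-bank.test
not-an-ip     www.apple.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue                             # malformed address, skip the line
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched):
    """Return (line, name, ip, verdict) for entries overriding a watched domain."""
    watched = {w.lower() for w in watched}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN:
                continue
            if any(name == w or name.endswith("." + w) for w in watched):
                # Loopback/unspecified targets are usually blocklists, not redirects.
                local = ip.is_loopback or ip.is_unspecified
                findings.append((line_no, name, str(ip),
                                 "sinkholed" if local else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, {"apple.com", "example-bank.test"}):
        print(finding)
```

To audit a real machine, pass the contents of /etc/hosts (Linux, macOS) or C:\Windows\System32\drivers\etc\hosts (Windows) in place of the sample text.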