
Content provided in partnership with
Thomson / Gale

The lazy person's guide to internet hoaxes, myths and legends

CHIPS,  April-June, 2005  by Dale J. Long


While it is likely that these holes will have been patched by the time you read this, browser and e-mail vulnerabilities represent the main chinks in our armor that phishers and other malicious software authors have targeted recently.

The next wave of Internet-related scams, however, may move from phishing to pharming. While phishing is a social attack where the scammer throws out bait and hopes someone will nibble, pharming is more like sowing seeds and waiting for them to sprout and bear fruit. Pharming involves spreading a worm or virus to host computers that automatically and invisibly redirects your browser when you try to reach a particular URL.

As users become harder to dupe with phishing schemes, we may see a shift from phishing to pharming. While all alleged reports of this form of exploitation have so far involved redirects to advertising sites, it is theoretically possible that pharming worms could become sophisticated enough to allow scammers to create a look-alike site intended to steal account information and send out instructions to their worms to redirect you from your online banking or shopping site to theirs.

Apparently, it isn't happening yet, but it may only be a matter of time. It was not so long ago that we thought you could not get a computer virus from simply opening e-mail, so I have every expectation that someone will figure out how to make pharming work, too.

Another theoretical variation on pharming is based on Domain Name System (DNS) poisoning. This occurs when the scammer confuses your DNS server into believing that the site you want is at an Internet Protocol (IP) address that belongs to the scammer, rather than at the site's actual numeric address. Most Internet services rely on DNS, which is a distributed Internet directory service that has two primary functions: (1) translate between domain names and IP addresses and (2) control e-mail delivery.

In particular, Web browsers depend on DNS to locate Web sites. While your browser shows you the text-based URL, the site that actually resolves is based on the numeric IP address, whether or not it is really the correct address. However, DNS servers do not always authenticate the source of the numeric IP address. In many cases, there is no way for a DNS server to be sure that the address actually came from the real site.
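Because a poisoned server hands out an address that other servers do not, one way to spot it is to ask several resolvers for the same name and flag any whose answer shares nothing with the majority. The following is an added example, not part of the original article; the resolver labels, domains and addresses are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed sample data: answers that four resolvers returned for the same
# names. Resolver labels, domains and addresses are illustrative
# (RFC 5737 documentation ranges), not real observations.
SAMPLE_ANSWERS = {
    "bank.example": {
        "resolver-a": ["192.0.2.10", "192.0.2.11"],
        "resolver-b": ["192.0.2.11", "192.0.2.10"],
        "resolver-c": ["203.0.113.66"],  # disagrees with the rest
        "resolver-d": ["192.0.2.10"],
    },
    "shop.example": {
        "resolver-a": ["198.51.100.5"],
        "resolver-b": ["198.51.100.5"],
        "resolver-c": ["198.51.100.5"],
        "resolver-d": ["198.51.100.5"],
    },
}

def suspicious_resolvers(answers_by_resolver):
    """Return resolvers whose answer shares no address with the majority view.

    The majority view is every address reported by more than half of the
    resolvers. A resolver whose answer set is disjoint from it may have a
    poisoned cache (or may simply be served a different CDN edge, so treat
    a hit as a lead to investigate, not as proof).
    """
    normalized = {
        name: {ip_address(a) for a in addrs}
        for name, addrs in answers_by_resolver.items()
    }
    votes = Counter(a for addrs in normalized.values() for a in addrs)
    quorum = len(normalized) / 2
    majority = {a for a, n in votes.items() if n > quorum}
    if not majority:
        return []  # no consensus, nothing to compare against
    return sorted(n for n, addrs in normalized.items() if addrs.isdisjoint(majority))

def audit(sample):
    """Map each watched domain to the resolvers that disagree with consensus."""
    return {domain: suspicious_resolvers(r) for domain, r in sample.items()}

if __name__ == "__main__":
    for domain, flagged in audit(SAMPLE_ANSWERS).items():
        print(domain, "->", flagged or "consistent")
```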

Plugging identification and authorization exploits like DNS poisoning can be a never-ending arms race with the DNS server constantly on the defensive. As with any security scheme, proper configuration of your system is crucial. If all DNS servers were configured using something similar to Secure Shell architecture, DNS poisoning or any similar scam that depends on trust-based vulnerabilities would be less of an issue. For more information, see the Internet Engineering Task Force Web site at http://www.ietf.org/html.charters/secsh-charter.html.

Mom Was Right

Of course, no amount of armor will protect anyone who insists on repeatedly swimming in shark-infested waters. There are some steps you can take to protect yourself from online scams, and they sound a lot like the advice mom gave us when we were children: