'm Robert Vamosi, senior editor, CNET and today I'm talkingabout pharming attacks, which are related to phishing and what it is, is a wayof hijacking an Internet domain. What makes it insidious is you have no way ofknowing that it's going on.
What I've done here today is I mapped out how your typicalbrowser request a Web page to show up on your computer. So you start out liketyping in a common name for your bank. Your computer sends out a request towhat's called a Domain Name Service server that replies with an address on theInternet in numerical expression, which goes back to your computer and thengoes out to that address on the Internet and connects to the bank. The bankthen sends back the page that you want to see to connect.
Now, in a pharming attack, somebody has managed to rewritethe Domain Name server address. So when you send out the request for bank.comand it goes to the DNS server, it comes back with a fraudulent address andinstead of connecting to the bank you connect to a fraudulent server over here,which we all know from phishing experience can be very convincing when the Webpage comes back, it looks very similar to what you expected to find, exceptthere may be additional information that you didn't plan on giving your bank.
Is there anything that can be done about a pharming attack?Well, yes there is and something that the bank can do by turning on acertificate authority and what happens there is the request that you send outstill goes to the DNS server. The DNS server brings back the numerical address.It connects to the bank, but now the bank turns on an additional feature, whichsends out a message to a trusted authority, and the trusted authority says,yes, this is the numerical address that I show for the bank. This is in factthe bank that you are connecting to. You see on your screen a little pop-upmessage that says you are connecting to the bank you say, yes and there's theactual Web page. So here's one method in which you can fight a pharming attack.
