Pharming and Slurpware - New Internet dangers
01/21/05 Hardly has the normal Internet user gotten used to the idea of 'phishing' when security experts are already warning about new dangers: pharming and slurpware. "Pharming is the next generation of phishing attacks," says Scott Chasin, from the security company MX Logic. Phishing is the attempt by Internet swindlers to wheedle confidential data from consumers using fake e-mails. "Pharming, in contrast, is a criminal redirect," explains Chasin. The new term was coined in November 2004 when visitors to the Amazon and Google websites were redirected to a pharmaceuticals site.
With pharming, hackers exploit weak points in browsers to make counterfeit address bars appear. Weak DNS (Domain Name System) servers also enable attackers to redirect requests to other URLs. "Phishing means throwing out the bait and hoping that a fish will grab it," says Chasin. Pharming no longer relies on chance. There is no hard and fast proof of this yet, "but we know that all ingredients for a large-scale attack are present."
"Slurpware is the term used when all effective methods for Internet attacks come together to steal large amounts of money," according to Gartner analyst Jay Heiser. Such an attack could combine, for example, e-mails gained from phishing, Trojan horses that steal passwords and the Russian Mafia as the sponsor of the attack. Such combined attacks are not new, but Heiser believes they will increase in the future. eBay, PayPal and some US banks have already fallen victim to slurpware attacks.
"This is a sign that the technological level of the attacks is high," continues Heiser. One solution for the problem is stricter authentication methods such as hardware tokens. These have been used with a great deal of success in Brazil, the Netherlands, and Scandinavia.