The PhishLabs Blog

Phishing with Wildcard DNS Attacks and Pharming

Posted by Eris Maelstrom on Mar 3, '17

The cyclical relationship between threat actors and security professionals begins with the creation of a new attack technique, followed by the discovery of that technique by the security community, and then a refashioning of the manner of attack or creation of another novel approach by threat actors. 

Phishers are always seeking better ways to entice victims into providing their personal and/or sensitive information, as well as to evade detection by security companies. 

Lately, we have observed an uptick in attacks utilizing DNS records for malicious purposes. These attacks fall into two main categories: pharming and wildcard DNS attacks. This post provides examples of these methods and describes in detail how phishers use them in their attacks.

Topics: Pharming, R.A.I.D., DNS

Anti-Pharming 101: Countering Hosts File Pharming

Posted by Chris Bowen on Mar 11, '14

A few weeks ago, we took our first look into Pharming. We saw some basics about how it can be accomplished and detected. Let’s now take a bit of a deeper dive into the technical aspects that drive it and start talking in more detail about how we can detect and mitigate these types of attacks.

But before we discuss the details of how these attacks work, it is important to understand how a computer obtains an IP address (which is used to actually initiate a connection to a website) from the domain within a URL (such as https://login.mybank.com/online/login.html). When a Web user attempts to navigate to a site, their computer can determine an IP address by either consulting a local file of defined mappings, called a hosts file, or by consulting a DNS server on the internet.

Topics: Phishing, Fraud, Pharming

Anti-Pharming 101: What are pharming attacks?

Posted by Chris Bowen on Jan 31, '14

Pharming is a type of cyber-attack that hijacks a legitimate website’s traffic and instead directs it to a malicious web server. In many respects, pharming is similar to phishing in that it presents a victim with a page that appears to be 100% legitimate and trusted. But unlike phishing attacks, pharming attacks don’t rely on tricking a user into clicking on a malicious URL. Instead, the user navigates to the proper URL for a website (perhaps even by using the same bookmark as yesterday) and is directed to a bogus server hosted by the attacker. A page is presented that steals the user’s information – at least their account credentials – and is often not detected by a victim until information has already been compromised.

Topics: Phishing, Pharming

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
