A user has unknowingly gone to a fraudulent site. The security analyst notices the following
system change on the user’s host:
Old `hosts’ file:
127.0.0.1 localhost
New `hosts’ file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?
A.
Spear phishing
B.
Pharming
C.
Phishing
D.
Vishing
Explanation:
We can see in this question that a fraudulent entry has been added to the user’s hosts file. This
will point the URL: www.comptia.com to 5.5.5.5 instead of the correct IP address.
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial
related) information through domain spoofing. Rather than being spammed with malicious and
mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming
‘poisons’ a DNS server (or hosts file) by infusing false information into the DNS server, resulting in
a user’s request being redirected elsewhere. Your browser, however will show you are at the
correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing
attempts to scam people one at a time with an e-mail while pharming allows the scammers to
target large groups of people at one time through domain spoofing.