A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on
the user’s host:
Old ‘hosts’ file:
New ‘hosts’ file:
Which of the following attacks has taken place?
In this question, a fraudulent entry has been added to the user’s hosts file. This entry points
www.comptia.com to 188.8.131.52 instead of the correct IP address.
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually finance-related)
information through domain spoofing. Rather than spamming you with malicious and mischievous e-mail
requests to visit spoofed websites that appear legitimate, pharming ‘poisons’ a DNS server (or hosts
file) by inserting false information into it, so that a user’s request is redirected elsewhere.
Your browser, however, will show that you are at the correct website, which makes pharming a bit more serious
and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming
allows the scammers to target large groups of people at one time through domain spoofing.
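
A defender's check for the change described in this question, as an added example that is not part of the original page: it compares a saved copy of the hosts file with the current one and lists names that were added or re-pointed to a non-loopback address. The file contents are constructed, since the page does not show them; only www.comptia.com and 188.8.131.52 come from the explanation, and the function names are hypothetical.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: set of IP strings} from hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or malformed line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an IP
        for name in fields[1:]:               # one line may carry aliases
            mapping.setdefault(name.lower().rstrip("."), set()).add(ip)
    return mapping

def hosts_changes(old_text, new_text):
    """List (hostname, old_ips, new_ips) for names added or re-pointed."""
    old, new = parse_hosts(old_text), parse_hosts(new_text)
    changes = []
    for name in sorted(new):
        before = old.get(name, set())
        if new[name] != before:
            changes.append((name, sorted(before), sorted(new[name])))
    return changes

def suspicious(changes):
    """Keep changes that send a name to a non-loopback address."""
    return [c for c in changes
            if any(not ipaddress.ip_address(ip).is_loopback for ip in c[2])]

# Constructed samples: the page does not show the file contents.
OLD_HOSTS = """# baseline copy
127.0.0.1   localhost
"""
NEW_HOSTS = """# current copy
127.0.0.1   localhost
188.8.131.52   www.comptia.com   # entry described in the explanation
"""

if __name__ == "__main__":
    for name, before, after in suspicious(hosts_changes(OLD_HOSTS, NEW_HOSTS)):
        print(f"{name}: {before or 'no entry'} -> {after}")
```

Because a hosts-file entry is consulted before DNS, a flagged name should be compared with what a trusted resolver returns for it.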