TL;DR: A novel anti-phishing approach named Automated Individual White-List (AIWL) automatically tries to maintain a white-list of all of a user's familiar Login User Interfaces (LUIs) of web sites, and can efficiently defend against pharming attacks.
Abstract: In phishing and pharming, users could be easily tricked into submitting their username/passwords into fraudulent web sites whose appearances look similar to the genuine ones. The traditional blacklist approach for anti-phishing is partially effective due to its partial list of global phishing sites. In this paper, we present a novel anti-phishing approach named Automated Individual White-List (AIWL). AIWL automatically tries to maintain a white-list of all of a user's familiar Login User Interfaces (LUIs) of web sites. Once a user tries to submit his/her confidential information to an LUI that is not in the white-list, AIWL will alert the user to the possible attack. Next, AIWL can efficiently defend against pharming attacks, because AIWL will alert the user when the legitimate IP is maliciously changed; the legitimate IP addresses, as one of the contents of LUI, are recorded in the white-list and our experiment shows that popular web sites' IP addresses are basically stable. Furthermore, we use a Naive Bayesian classifier to automatically maintain the white-list in AIWL. Finally, we conclude through experiments that AIWL is an efficient automated tool specializing in detecting phishing and pharming.
TL;DR: In this article, the authors propose a two-factor authentication scheme that uses an anonymizer, external to the access point, to protect both parties from a man-in-the-middle attack.
Abstract: A variant of phishing involves subverting an Internet access point, often used for mobile computing. Malware can route user requests for bank websites into a phisher's private network, with fake bank websites (pharming). The user can have a 'mobile password' at the bank. When she connects from an access point, she sends a hash, found from the password, starting at some position in it. The bank returns a hash, found from the same password, starting at another position in it. Each can verify the other. We protect both from a man-in-the-middle attack. By hashing a web page and the mobile password, and inserting the hash into the page that is sent, the recipient can verify that the page is untampered. We use an anonymizer, external to the access point. A user pre-establishes a password with the anonymizer. At the access point, she and the anonymizer use a zero-knowledge protocol to verify each other, based on the password. Then, the password encrypts communication between them. From the anonymizer, she logs in elsewhere. The anonymizer is our man in the middle, to defeat a man-in-the-middle attack. We extend earlier antiphishing methods, to attack pharms for non-existent banks, or that are unauthorized websites for actual companies. We show how to use a plug-in to let websites share several two-factor implementations. This reduces the cost and inconvenience to consumers, who might otherwise have to carry and use a different two-factor gadget for each of their bank accounts or other corporate websites that mandate the usage of two-factor authentication. By expanding the scope of two-factor usage, we improve the security of e-commerce, without having to use a public key infrastructure.
TL;DR: A method and system for discovering domain name system (DNS) pharming, comprising obtaining an answer to a question from two different sources, comparing the answers, determining that the technology is not suspect when the answer is the same, and determining that the technology is suspect when the answer is different.
Abstract: A method and system for discovering domain name system (DNS) pharming, comprising: obtaining an answer to a question from two different sources; comparing the answers; determining that the technology is not suspect when the answer is the same; and determining that the technology is suspect when the answer is different.
TL;DR: A cognitive approach that compares images to decide phishing or pharming is presented; it uses system tray and balloon tips, which are hard to fake with pop-ups or Flash, so that users can compare pictures from connecting sites and the system tray.
Abstract: Recently, lots of anti-phishing schemes have been developed. Several products identify phishing sites and show the results on the address bar of the internet browser, but they determine this only by domain names or IP addresses. Although this kind of method is effective against recent DNS pharming attacks, there is still a possibility that hidden attacks which modify HTML code could incapacitate those anti-phishing programs. In this paper, a cognitive approach which compares images to decide phishing or pharming is presented, using system tray and balloon tips that are hard to fake with pop-ups or Flash, in order for users to compare pictures from connecting sites and the system tray. It differs from the old method, in which a program analyzes IP addresses or domains to judge whether a site is phishing or pharming; instead, it observes whether the HTML code has changed between the plug-in and the server.
TL;DR: An anti-pharming method is provided to fundamentally prevent pharming damage by detecting, from the user computer, pharming attacks carried out through DNS (Domain Name Service) server hacking and through modification of the host file, DNS server, and proxy server settings of the user computer.
Abstract: An anti-pharming method is provided to fundamentally prevent pharming damage by detecting, from the user computer, pharming attacks carried out through DNS (Domain Name Service) server hacking and through modification of the host file, DNS server, and proxy server settings of the user computer. An anti-pharming program obtains a domain name, an IP (Internet Protocol) address, and a DNS server address of protected sites. The anti-pharming program is installed and executed in a user computer (100). The anti-pharming program extracts a domain name of a connected site when a web browser is executed in the user computer. The anti-pharming program extracts a current connected IP address when the domain name is included among domain names of the protected sites. The anti-pharming program compares the current connected IP address with the IP address of the protected sites (600). The anti-pharming program displays a notice to a user or reconnects to the IP address of the protected site when the current connected IP address is not identical with the IP address of the protected site (700).
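The comparison step in the last abstract, as an added Python sketch that is not code from any of the listed papers or patents. The protected-site list, the `Verdict` type and all function names are hypothetical, the addresses are constructed from documentation ranges, and the caller is assumed to supply the IP address the browser is actually connected to; the DNS server address check is left out.

```python
import ipaddress
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Constructed protected-site list: domain -> legitimate networks (documentation ranges).
PROTECTED_SITES = {
    "bank.example": ["192.0.2.10/32", "198.51.100.0/28"],
}

class Verdict(NamedTuple):
    status: str                  # "unprotected", "ok" or "alert"
    reason: str
    reconnect_to: Optional[str]  # legitimate address to offer when alerting

def extract_domain(url: str) -> str:
    """Hostname of the connected site, normalised for the list lookup."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def check_connection(url: str, connected_ip: str,
                     protected=PROTECTED_SITES) -> Verdict:
    """Compare the connected IP with the recorded IPs of a protected site."""
    nets = protected.get(extract_domain(url))
    if nets is None:
        return Verdict("unprotected", "domain not in protected list", None)
    ip = ipaddress.ip_address(connected_ip)
    # Treat an IPv4-mapped IPv6 address (::ffff:a.b.c.d) as its IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    networks = [ipaddress.ip_network(n) for n in nets]
    if any(ip in net for net in networks):
        return Verdict("ok", "connected IP matches protected list", None)
    fallback = str(networks[0].network_address)
    if ip.is_loopback:
        # A loopback peer suggests a local proxy or a hosts-file redirect.
        reason = "loopback peer: check proxy settings and hosts file"
    else:
        reason = "IP mismatch: check DNS server and hosts file"
    return Verdict("alert", reason, fallback)

if __name__ == "__main__":
    for peer in ("192.0.2.10", "203.0.113.66", "127.0.0.1"):
        print(peer, check_connection("https://bank.example/login", peer))
```

Recording networks rather than a single address keeps sites that rotate among a few stable addresses from raising an alert on every visit.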