I wrote about phishing a few days back. It's all about redirecting a user to a real-looking website and asking for personal information.
There is a worse form of the same trick called pharming. Pharming works by playing a nasty trick with a core Internet protocol called Domain Name Service or DNS.
Generally speaking, computers on the Internet have what's known as an IP address. This is a set of four numbers separated by dots/periods (like 192.168.100.47). When computers communicate on the Internet, they rely on IP addresses that are unique worldwide to get a message from one computer to another.
Most people would have a hard time remembering the IP addresses of their favorite 10 places on the Internet. Enter DNS. DNS translates a name like "www.webmail.us" into an IP address that will work on the Internet. So we can all use these names instead of IP addresses. But our email programs, our web browsers, and every other Internet-aware program we have really rely on IP addresses to do their work for us.
What if someone reprogrammed DNS so that when a whole bunch of computer users typed in www.bigfacelessbankwithallmymoney.com they were given the IP address of a real-looking but fake website? The users might never know because we hardly ever look at IP addresses directly. The scammer running the website could collect personal information from hundreds or thousands of unwitting victims.
How DNS Can Get Poisoned
DNS, like any complicated thing, has a lot of steps required to make it work. There are Host files on every computer that can be reprogrammed; so a computer virus or trojan that affected Host files could do a lot of harm. These same malicious programs could change the listing of DNS servers that a computer uses to look up names and IP addresses; the computer would be asking the wrong servers to translate the names.
If a cracker broke into the DNS servers of a major ISP, hundreds of thousands of computers would be asking for the IP addresses of banks and online retailers from compromised servers. Worse yet, there is a group of DNS servers that are the backbone of the DNS system: the root DNS servers. If these were to ever be compromised, users all over the world would soon find that they were giving personal information to complete strangers.
Unfortunately there are a dozen other ways for DNS to get poisoned.
What You Can Do
Keep your anti-virus program up to date and scan your computer for viruses regularly. Use anti-spyware software, too. Microsoft has a program out there for free, or you can use Spybot Search & Destroy, Ad-aware, or any of a dozen other decent programs. These will all help keep your computer free from the malicious programs that might poison the DNS on your computer.
As for DNS poisoning at our ISPs and the root servers, well, we just have to hope that the network professionals who manage those servers stay ahead of the bad guys. So far, this has mostly held true. And with pharming making more and more news, network managers will be more vigilant than ever.