Panda Software Reports An Increase In Phishing Attacks And The Emergence Of Pharming As A Serious Threat To Users

MADRID, March 22, 2005 According to the data collected by Panda Software’s international tech support network, online fraud attempts are on the increase. On the one hand, new phishing e-mails are detected every day around the world. This dangerous technique is used to gather confidential information by stealing the identity of a legitimate person or organization (normally by means of fraudulent e-mails directing users to a spoofed web page). On the other hand, the company is now warning of the emergence of a new online fraud technique, which is even more sophisticated and dangerous: pharming: www.pandasoftware.com/about/press/phising.htm

Pharming involves altering DNS (Domain Name System) addresses so that the web pages that a user visits are not the original ones, but others created specifically by cyber-crooks to collect confidential data, especially information related to online banking.

When a user types in an Internet address, in order to access the page the address must be converted to the real IP address, in the following format: 000.000.000.000. Normally, as a browser is not able to make this conversion, a DNS server is needed. These servers administrate the names corresponding to each of these numeric sequences and take the user to the page he wants to see. If the server doesn’t correctly resolve each IP address with the domain name entered, the user will not see the correct page.

Pharming attacks can be carried out directly against the DNS server, in such a way that the change of address will affect all users accessing this server while they browse the Internet, or they can be carried out locally i.e. in individual PCs. This second scenario is much more dangerous, not just because it is more effective, but because it is easier for attackers. They only need to take two actions: modify a small file, called hosts, which can be found in any computer running Windows and using Internet Explorer to access the Internet; and create a false web page. The host file stores a small table with the server and IP addresses most commonly accessed by the user, so that it is not necessary to access the DNS server to convert Internet addresses (URLs) into IP addresses. If this file is overwritten, for example, with false addresses for online banking pages, whenever a user types the name of this bank in the browser he will access the page created by the hacker which has exactly the same appearance as the genuine page. The unsuspecting victim could then enter confidential data unaware that it is really falling into the hands of the cyber-crook.

The hosts file can be edited directly by the hacker (by accessing remotely to the system) or using malicious code, normally Trojans such as some variants of the Bancos, Banker and Banbra families. Pharming attacks can also be perpetrated by exploiting any software vulnerability that gives access to the system files.

According to Luis Corrons, director of PandaLabs, “Pharming is indicative of a general sea-change in relation to Internet threats. We are seeing more and more attacks that are not aimed exclusively at affecting as many users as possible, but are being exploited for financial gain. It is therefore necessary to adapt to the situation and take adequate measures to prevent these attacks.”

Panda Software is offering the following advice to users to help prevent them falling victim to pharming attacks: – Use anti-malware software combining proactive and reactive detection systems: the simplest way of manipulating a computer so that it becomes the victim of a pharming attack is by using malicious code, generally Trojans. Bear in mind that many Trojans enter systems unknown to users, so some of them may be in circulation for some time before antivirus companies detect them and can generate the corresponding vaccine. This is why it is highly advisable to use proactive protection systems that can pre-empt threats and block them simply by analyzing their behavior.

– Install a personal firewall: this precaution will prevent a hacker from entering the computer through an unprotected communication port and modifying the system.

– Frequently update the software installed on the computer or have automatic update systems enabled to ensure there are no vulnerabilities that can be exploited in order to launch these kinds of attacks.

According to Corrons, “Traditional reactive solutions like antiviruses are not sufficient to combat the threat of pharming. Proactive systems are needed, like TruPreventTM Technologies which can detect unknown threats before they take malicious action. Since these technologies were launched in August 2004, they have detected and blocked more than 1500 unknown Trojans, allowing us to offer rapid and effective protection to our clients.”

About Panda Software

Panda Software is one of the world’s leading developers of IT security solutions, with offices in 50 countries. It is an established pacesetter for the sector in innovation and expansion and is unequalled in terms of satisfying customers’ needs for the most advanced technologies, products and services to keep IT resources free from viruses and other threats at the lowest possible Total Cost of Ownership. The company’s unique TruPrevent(tm) Technologies, the most intelligent technologies to combat unknown viruses and intruders, offer unrivalled preventive protection for all types of clients: from the largest corporations through small and medium-sized companies to home users.

For more information and evaluation versions of all Panda Software solutions, visit our website at: http://www.pandasoftware.com/.