Fortinet Prevents Pharming

SUNNYVALE, Calif. -- Fortinet – the pioneer and market leader of Unified Threat Management and only provider of ASIC-accelerated, network-based antivirus firewall systems for real-time network protection – today is confirming its FortiGate™ systems, which are security appliances that provide integrated security applications, help defeat the growing threat of a new form of malicious electronic crime - ‘Pharming.’ Fortinet is complementing its integrated security applications with a new educational paper that offers enterprises, service providers and individual users a five-step method for identifying the difficult-to-detect phenomenon (detailed below).

Pharming is a highly sophisticated extension of the online confidence scam ‘Phishing’ and is best confined through a ‘blended network security response’ that eliminates threats including DNS poisoning, Trojan horse programs and key-logging spyware. During 2004, Gartner publicly reported that related crimes such as Phishing, whereby criminals use misleading e-mail and Websites to dupe individuals into sharing personal data like passwords, accounted for a staggering $2.4 billion in fraud, or an average of $1,200 per victim, during the last 12 months[1]..

Unlike Phishing, Pharming attacks hide silently in a network-connected computer and ‘harvest’ personal financial details of the users’ regular Web surfing activities. Users requesting a bona fide Website are unknowingly sent to a fake Website that mirrors a legitimate site. Once the pharming scheme is planted, malicious activity can be launched against a wide number of sites that the user may visit on a regular basis totally unknown to that user.

Pharming attacks are carried out using sophisticated blended attacks against DNS servers, typically involving DNS cache poisoning. Fortinet’s FortiGate integrated security appliances can be used to secure DNS servers with stateful firewall rules and provide antivirus and intrusion prevention (IPS) to stop attacks. In some Pharming attacks, spyware or Trojan applications installed on end hosts have also been used to perform keystroke logging and Website redirection without the user being aware. In these instances, users deploying Fortinet’s FortiGate systems on their network and/or FortiClient Host Security software on their desktop can receive immediate antivirus and IPS signatures from the 24/7 FortiGuardCenter.

To help eliminate the growing Pharming threat, Fortinet has released the following five-step guide to identifying whether a given Website being visited is part of a Pharming attack:

THE 5 WAYS TO SPOT A PHARMING WEBSITE

1) It doesn’t ‘feel’ quite right
The login process, verification or information displayed will not look precisely the same as the legitimate site.

2) It asks for more than is necessary
Pharming sites will most likely ask for additional verification or personal information that is not normally required.

3) There is no SSL padlock on the browser.
Legitimate websites requesting confidential information will always encrypt the session with Secure Sockets Layer (SSL). Look for the ‘padlock’ icon on your browser and double click on the padlock to verify the SSL certificate.

4) There is no ‘HTTPS’ for ‘secure’ in the address bar URL
On a safe site, the browser URL should contain the prefix https:// in the address bar. Pharmed sites do not normally have SSL certificates and will remain as http:// even when you are requested to submit confidential data

5) The browser alerts you to a SSL certificate problem
Spoofed SSL certificates should cause your browser to display a security alert message. Rather than ignore it, users should take the opportunity to check the certificate and take this as an obvious sign of a fraudulent website.

“Combining human engineering approaches with the proliferation of advanced virus code, the growing sophistication of malicious e-crime techniques is too much for many popular Internet security solutions,” said Adam Stein, Fortinet’s vice president of marketing. “While users need to be aware of the warning signs of Pharming, enterprises and service providers must increase their efforts to educate users about countering blended attacks with blended responses incorporating antivirus, intrusion prevention (IPS), firewall and other security measures for complete content protection of network traffic.”

Fortinet Inc.