Step 1: Example of Internet Threat

Here are the links:
(This example is the most recent example that has sufficient information on this subject, 2007)

Summary of the internet threat:
Online customers of 50 financial institutions in the US, Europe and the Asia-Pacific have been affected as a result of pharming. Users accessing the online banking site will be led to a fake look-alike site that will download malicious software. This software will automatically download 5 more files from a server in Russia. This will cause the browser to display a connection error, together with suggestions for the user to disable firewall and anti-virus programs. Once this has been initiated, login information will be transferred to the attacker in Russia whilst the user is passed to the legitimate site, already logged in.
Week of 22nd February 2007.

Step 2: IT Background - how does it work?

How does it work?
Phishing: Phishing is a spam message that contains a link to what appears to be a legitimate business, such as your bank, but is actually a fake website. The email often states that you must update your account information through a fake link to a scammer's website. When the user is fooled by this, they give out personal information to the fake website. This can lead to the loss of personal information and security data.

Pharming: Pharming can be done through the use of a virus or some other technique so that, when the user types a legitimate address into the browser, the virus redirects the user to a fake website. This redirection is done by the attacker accessing the DNS servers and changing the address recorded for a certain domain name to the address of their own website. The fake website will often look the same as, or be very similar to, the legitimate website. This is almost undetectable, so the user will be fooled into thinking that it is the legitimate website and will enter their log-in information. Once the user information has been entered, it will be recorded by the attacker and the data will eventually be lost. This is common amongst fake sites that steal accounts, such as those involving high amounts of payment for a particular online service, and is common in online banking.
In the case of the study, this attack was from Russia: an online banking site was targeted and DNS servers in Estonia, the UK and Germany were hacked into, affecting users from the US, Asia-Pacific and most parts of Europe.
[Image: pharming diagram]
  1. The attacker accesses the DNS server and changes the address of the domain name to that of the fake site.
  2. The user tries to access the site by typing the domain name, and the user's computer makes a request to the DNS server.
  3. The DNS server sends back information which redirects the user to the modified address.
  4. The user is then sent to the fake site.
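
The four steps above suggest a simple defensive check: compare what each DNS server answers for the bank's domain against the address ranges the real site is known to use. The sketch below is an added example, not part of the original page; the domain `onlinebank.example`, the resolver names and all addresses are constructed sample values (documentation ranges), and a real check would query live resolvers instead of using the embedded answers.

```python
import ipaddress

# Constructed sample data: networks the legitimate site is assumed to use
# (documentation ranges, not real bank addresses).
EXPECTED_NETWORKS = {
    "onlinebank.example": ["192.0.2.0/24", "2001:db8:10::/48"],
}

# Constructed answers, as if the same name had been asked of three DNS servers.
RESOLVER_ANSWERS = {
    "resolver-a": {"onlinebank.example": ["192.0.2.10", "2001:db8:10::5"]},
    "resolver-b": {"onlinebank.example": ["192.0.2.11"]},
    "resolver-c": {"onlinebank.example": ["203.0.113.66"]},  # altered record
}


def unexpected_addresses(domain, answers, expected=EXPECTED_NETWORKS):
    """Return the answers for `domain` that fall outside its expected networks."""
    # A domain with no expected networks fails closed: every answer is flagged.
    networks = [ipaddress.ip_network(n) for n in expected.get(domain, [])]
    bad = []
    for raw in answers:
        addr = ipaddress.ip_address(raw)
        # IPv4/IPv6 membership tests across versions are simply False,
        # so mixed answer lists are handled without special cases.
        if not any(addr in net for net in networks):
            bad.append(raw)
    return bad


def audit(domain, resolver_answers=RESOLVER_ANSWERS):
    """Map each DNS server to the suspicious addresses it returned for `domain`."""
    findings = {}
    for resolver, records in resolver_answers.items():
        bad = unexpected_addresses(domain, records.get(domain, []))
        if bad:
            findings[resolver] = bad
    return findings


if __name__ == "__main__":
    for resolver, bad in audit("onlinebank.example").items():
        print(f"ALERT {resolver}: unexpected answer(s) {bad}")
```

Only the server whose record was changed is reported, which is also how a monitoring team can tell which DNS server needs to be corrected.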

Step 3: Explain the Impact


  • Users of the online banking site
  • People responsible for hosting the servers
  • Pharming Attacker
  • Banks

How were they affected?

  • Users
    • Log-in information was stolen and therefore accounts were suspended to prevent any further loss of data.
  • Server hosts
    • Servers are blacklisted for being faulty and having incorrect information.
  • Attacker

  • Banks


Short term
Long term


Step 4: Possible Solutions

  • Please describe ONE technical and ONE non-technical solution to the internet threat.
  • Evaluate each solution
  • Compare the solutions
  • Which one is better and why?

Please acknowledge your sources by linking throughout the document