Pharming goes a step further than phishing. With pharming, the fraudster silently diverts traffic destined for a particular server to another server. Even if you use the correct URL, you still end up on the fraudster's website. "Pharmers" can do this with a virus that changes the name server settings on your computer. When a URL is converted to an IP address, the lookup normally passes through the name servers you specified (or that were assigned via your provider's DHCP). If a fraudster manages to redirect those lookups to a name server he set up himself, he controls which site you end up on.
The "pharmer" can change the IP address in different ways, usually via local DNS cache poisoning. The surfer reaches a website by entering a domain name that is linked to a specific IP address. To speed up future lookups, the computer saves these DNS results in a cache (the DNS cache). The next time the surfer wants to go to the www.dns.be website, the lookup is answered more quickly from the DNS cache.
Pharmers try to change the DNS cache via a Trojan horse or a virus, i.e. to assign a different IP address to a certain domain name. The next time you want to visit the website, you are directed to a perfect copy of it, where you unsuspectingly fill in your bank details, which the pharmers can then use. The IP address can also be modified by poisoning the DNS servers. This works the same way as local DNS cache poisoning, but at a higher level, namely on the servers of internet providers, registrars or registries.
This last form of pharming is less frequent because the servers of internet providers, registrars or registries are usually very well protected, although these kinds of attacks cannot be ruled out.
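A defensive check for the two local changes described above (a swapped name server and a poisoned cache entry), as an added example that is not part of the original page. The resolver file contents, the trusted network, the baseline and the cached answers are all constructed sample data using documentation address ranges; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real records.
TRUSTED_RESOLVER_NETS = ["192.0.2.0/28"]  # assumed: resolvers your provider's DHCP hands out
RESOLV_CONF = """\
# constructed resolv.conf contents
nameserver 192.0.2.1
nameserver 203.0.113.66
search home.example
"""
# Assumed baseline: addresses recorded earlier over a trusted path.
BASELINE = {"www.dns.be": {"198.51.100.10", "198.51.100.11"}}
# Constructed snapshot of what the local DNS cache currently answers.
CACHED = {"www.dns.be": {"203.0.113.80"}}


def parse_nameservers(resolv_conf_text):
    """Return the name server addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def untrusted_nameservers(servers, trusted_nets):
    """Name servers that fall outside every trusted network."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    bad = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            bad.append(server)  # an unparsable entry is suspicious in itself
            continue
        if not any(addr in net for net in nets):
            bad.append(server)
    return bad


def divergent_answers(cached, baseline):
    """Domains whose cached addresses share nothing with the baseline."""
    return {domain: sorted(ips) for domain, ips in cached.items()
            if domain in baseline and not (ips & baseline[domain])}


if __name__ == "__main__":
    servers = parse_nameservers(RESOLV_CONF)
    print("unexpected name servers:", untrusted_nameservers(servers, TRUSTED_RESOLVER_NETS))
    print("cache entries off baseline:", divergent_answers(CACHED, BASELINE))
```

A divergence is a prompt to verify rather than proof of pharming, since sites legitimately change addresses; checking the site's TLS certificate is the usual next step.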