Identity Thieves’ New Ploy: Pharming
2
How do people pharm?
Pharming scams take a few different forms: Attackers could use malicious code, such as a virus, planted on a user’s PC to track keystrokes or change a computer’s settings to take users to fraudulent copies of the legitimate Web sites they request, said Gary Steele, CEO of e-mail security company Proofpoint. Hackers could also target any of the 13 “root” DNS servers that route all Internet traffic.
VeriSign operates two of the root servers, handling 14.5 billion DNS queries a day for the .com and .net addresses it oversees. The company said security is tight on those servers, which are considered “national IT assets” by the federal government.
Peter Delgrosso, spokesman for United Online, which operates Internet service providers NetZero and Juno, said pharming was not yet a problem for them, but that it “certainly warrants our close attention.”
“This is not anywhere as big as phishing,” said Dave Jevans, chairman of The Anti-Phishing Working Group. “This requires technical sophistication.”
Don’t panic -- yet
Some experts downplay the threat, but signs of pharming are popping up.
In March, attackers exploited a vulnerability in Symantec firewalls to redirect users typing in google.com, eBay.com and weather.com to three malicious sites, according to the Internet Storm Center security Web site. Symantec quickly issued a fix to solve the problem.
Phillip Hallam-Baker, principal scientist at VeriSign, said potential damages from pharming depend on the level of response from those working with DNS technology.
“If we don’t take DNS security seriously,” he said, “at some point we’re going to get clobbered.”
Vocabulary Focus
malicious (adj) [məˈliʃəs] intended to harm or upset other people
warrant (v) [ˈwɒrənt] to make something necessary; to justify
downplay (v) [ˈdaunplei] to make something seem less important or less bad than it really is
clobber (v) [ˈklɒbə] to defeat completely
Specialized Terms
firewall (n) a device or program that stops people from accessing a computer without permission while it is connected to the Internet
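Identity Thieves' New Trick: Pharming
2
How is pharming carried out?
Gary Steele, chief executive of e-mail security company Proofpoint, said pharming scams take several forms: attackers can plant harmful code, such as a virus, on a user's personal computer to track keyboard input or alter the computer's settings, directing the user to a fraudulent version of the real Web site they meant to visit. Hackers may also attack any one of the 13 "root" domain name servers that handle routing for Internet traffic.
VeriSign operates two of the root domain name servers, handling 14.5 billion DNS queries a day for the .com and .net addresses it manages. The company said the U.S. federal government regards these servers as "national information technology assets," so security measures are strict.
United Online operates the Internet service providers NetZero and Juno. Company spokesman Peter Delgrosso said pharming is not yet a problem for the company, "but it certainly deserves close attention."
Dave Jevans, chairman of the Anti-Phishing Working Group, said: "Pharming is not as rampant as phishing; it requires sophisticated technology."
No need to panic for now
Some experts play down the threat, but signs of pharming keep appearing.
The Internet Storm Center, a network security monitoring Web site, reported that in March attackers exploited a weakness in the Norton firewall to steer users who typed in google.com, eBay.com and weather.com to three malicious sites. Norton immediately released a fix to solve the problem.
Phillip Hallam-Baker, principal scientist at VeriSign, said the potential harm from pharming depends on how seriously the people who work with DNS technology respond.
He said: "If we do not take DNS security seriously, the day will come when we are thoroughly beaten."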
- I think this is just a government ploy to deceive the public.
- Christmas should be a time of excitement and wonder, not a cynical marketing ploy.
- You ought to kick back at such malicious slander.
- Their talk was slightly malicious.
- Sickness is a legitimate reason for asking for leave.
- That's a perfectly legitimate fear.
- They think of viruses that infect an organization from the outside. They envision hackers breaking into their information vaults. (From the Concise English-Chinese Dictionary)
- Arranging a meeting with the hackers took weeks of on-again, off-again email exchanges. (From the Internet)
- Our assistants will be happy to answer your queries.
- Her queries were rhetorical, and best ignored. (From the Concise English-Chinese Dictionary)
- She oversees both the research and the manufacturing departments. (From the Concise English-Chinese Dictionary)
- The Department of Education oversees the federal programs dealing with education. (From the Internet)
- The paper got clobbered with libel damages of half a million pounds.
- We got clobbered in the game on Saturday.
- The robbers clobbered the shopkeeper to make him open the safe. (From dictionary example sentences)
- He tried to justify his absence with lame excuses.
- Can you justify your rude behavior to me?
- There are many specialized agencies in the United Nations.
- These tools are very specialized.