A Dual Approach to Detect Pharming Attacks at the Client-Side
Pharming attacks - a sophisticated version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent website using DNS-based techniques. Pharming attacks can be performed at the client-side or into the Internet, using complex and well designed techniques that make the attack often imperceptible to the user. With the deployment of broadband connections for Internet access, personal networks are a privileged target for attackers. In this paper, we propose a dual approach to provide an anti-pharming protection integrated into the client's browser. Our approach combines both an IP address check as well as a webpage content analysis, using the information provided by multiple DNS servers. We present first experimental results and we discuss about future works and limitations of our approach.