In a previous post I discussed pharming from the perspective of abusing a DNS server to start a wide-scale pharming attack. However, it's also vital to discuss the second perspective, namely the malware-infected PCs whose hosts files could be abused to facilitate a MITM phishing attack, for instance. Consider the following DIY pharming tool, which basically allows a list of the IPs of anti-virus software's update locations to be added, and consequently blocked, as well as taking complete control over the infected user's perception of where exactly she is online. The second version lacks the "add a list" feature and is entirely centered on phishing attacks. In the same way that lists of the process names/files for every anti-virus product have been used by malware to shut down the software, the online update locations for multiple AVs are also easily obtainable -- a topic I covered in a previous post.
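From the defender's side, the hosts-file abuse described above can be checked for with a small audit, shown here as an added example (not code from this post or from the tool it describes). The watchlist names and the sample hosts file are constructed placeholders, and the verdict labels are this example's own.

```python
import ipaddress

# Constructed watchlist (assumption): placeholder names standing in for AV
# update locations and login sites; substitute the hosts you depend on.
WATCHLIST = {"update.av-vendor.example", "login.bank.example"}

# Constructed sample hosts file, for illustration only.
SAMPLE = """\
127.0.0.1    localhost
::1          localhost
# entries below are constructed
127.0.0.1    update.av-vendor.example
203.0.113.7  login.bank.example www.login.bank.example
0.0.0.0      ads.tracker.example
198.51.100.9 intranet.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def watched(name, watchlist):
    """True if name is a watchlist entry or a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip, verdict) for suspicious mappings."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        if watched(name, watchlist):
            # A watched name should never be pinned in the hosts file at all.
            verdict = "blocked" if sinkholed else "redirected"
        elif not sinkholed:
            verdict = "override"                 # unknown name pinned to a real address
        else:
            continue                             # localhost / ad-block style entry
        findings.append((line_no, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the text to audit is the contents of `%SystemRoot%\System32\drivers\etc\hosts`; any "blocked" or "redirected" verdict means a name that should resolve through DNS has been pinned locally.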
An old friend recently approached me asking for my opinion on man-in-the-middle phishing attacks, and whether or not I'm aware of any such DIY type of functions. Simultaneously, PandaSecurity released a very good screenshot of a feature within a botnet's C&C interface, worth seeing for yourself too. Although the current "push" phishing model seems to be fully working, and keylogging has started evolving into "form grabbing", I think MITM phishing attacks would remain at the bottom of the attack model for the pragmatic and efficiency-centered phisher, who would otherwise have to either build a botnet on her own, or request access to one on demand.