Abstract: HTTP requests initiated from a web browser of a client computer system are proxied prior to release to a router, such as a home router. HTTP requests identifying a referrer URL corresponding to routable, public IP address and a target URL corresponding to a non-routable, private IP address are determined to be indicative of a drive-by pharming attack, and are blocked from sending to the router. HTTP requests not identifying a referrer URL corresponding to a routable, public IP address and a target URL corresponding to a non-routable, private IP address, the HTTP request are not determined to be indicative of a drive-by pharming attack, and are released for sending to the router. In some embodiments, an HTTP response received in response to a released HTTP request is proxied prior to release to the web browser. An HTTP response having content of type text/html or script is modified as indicated to prevent malicious activity and released to the web browser.

Abstract: Methods for detecting an attempt to perpetrate fraud on a user utilizing a client-supplied link and a client-supplied IP address from a user computer. The method ascertains a first autonomous system number (“first AS number”) from the client-supplied IP address and a second autonomous system number (“second AS number”) from the client-supplied link. If the first AS number and the second AS number are not AS group peers, a pharming attempt is detected. Alternatively or additionally, the method includes analyzing a content of a webpage that is accessed using the client-supplied IP address to ascertain an identity of an apparent owner of the webpage and ascertaining a third autonomous system number (“third AS number”) from the identity of the apparent owner of the webpage. If the first AS number and the third AS number are not AS group peers, a phishing attempt is detected.

Abstract: The present invention provides a technique of preventing a user from being tricked into revealing personal information by pharming. Security server 50 checks whether a combination of a domain name and an IP address of WWW site 30 to be accessed by PC 10 is registered in access-permit DB 55a or access-inhibit DB 55b. Security sever 50 also checks whether the combination is registered in any of secure DNS servers 40 registered in secure DNS DB 55c. On the basis of a result of the checks, security server 50 controls an access by PC 10 to WWW site 30.

Abstract: The present invention provides a technique of preventing a user from being tricked into revealing personal information by pharming. Security server 50 checks whether a combination of a domain name and an IP address of WWW site 30 to be accessed by PC 10 is registered in access-permit DB 55a or access-inhibit DB 55b. Security sever 50 also checks whether the combination is registered in any of secure DNS servers 40 registered in secure DNS DB 55c. On the basis of a result of the checks, security server 50 controls an access by PC 10 to WWW site 30.