100 Chapter 3 · A Tangled Web Quite recently, the media have started using the term "pharming" to describe DNS poisoning (Robert Vamosi, "Alarm over Pharming Attacks," which can be read at http://reviews.cnet.com/4520-3513_7-5670780-1.html?tag=nl.e497).This term was obviously inspired by "phishing" attacks, although two techniques have very little in common.There is a nasty possibility, though, that DNS poisoning can be used for phishing. If DNS records for popular banks are poisoned, even if a user goes to a correct banking site he or she can be redirected to malicious Web sites masquerading as real bank sites.There is very little that can be done to counter such an attack (short of hard-coding IP addresses, which is not very user friendly).The problem is that authentication mechanisms for ascer- taining whether the target Web site is genuine are fairly weak. Manual inspection of the site's security certificate HTTPS would work, but many users are likely to miss even the fact that a site is not using encrypted (HTTPS) communication. Malware and the Web: What, Where, and How to Scan To be able to protect our computers from distribution of malicious code via the Web, we need to analyze what protocols we need to scan and decide where to erect our defenses and how exactly we are going to perform security checks. Let us address these issues (the "what," the "where," and the "how") one by one.