Tuesday, January 31, 2012

Cybercrooks Spreading Malware via Fake “Browser Update” Pages

Would you believe a random website that stated your browser was out of date and prompted you to download the update from them?

It appears that cybercriminals are placing their bets that some of you would.

Researchers over at GFI Labs recently came across a series of bogus browser update pages that warn users upon visit that their browser is out-of-date and pretend to run a “system scan” before asking the user to download a malicious file named “update.exe.”

“Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe,” researchers at GFI Labs wrote.

During the analysis, researchers found that app.exe opens browser windows/tabs with random surveys, connects to a remote server in order to download random programs (some malware, some not) and starts when Windows does.

The fake browser updates are currently shown on the following websites:

  • aveonix[dot]org

  • vkernel[dot]org

  • smolvell[dot]org

  • stocknick[dot]org

  • webiqu[dot]org

  • dextler[dot]org

Other domains that are not listed may be included in the scam.

An easy way to spot the sites involved is by the shared content:
 “Attention! Your browser is out of date. We recommend to update it. The new browser version will protect your computer from different internet-dangers and make it safer.”

Users are warned not to download browser updates from unknown or untrusted sources and to use the browser’s built-in update feature in order to verify that they’re running the current version of their browser or download updates as needed.
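For defenders who capture page bodies at a web proxy, the listed domains and the shared lure text can be checked together. The following is an added example, not code from GFI Labs or this blog; the function names, the two-sentence threshold and the sample page are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Domains exactly as listed in the post, kept defanged in source and
# converted to real hostnames only at load time.
LISTED_DEFANGED = [
    "aveonix[dot]org", "vkernel[dot]org", "smolvell[dot]org",
    "stocknick[dot]org", "webiqu[dot]org", "dextler[dot]org",
]
LISTED = {d.replace("[dot]", ".") for d in LISTED_DEFANGED}

# The shared lure text quoted in the post, split into sentences so that a
# page which edits or drops one sentence can still be recognised.
LURE_SENTENCES = [
    "Attention! Your browser is out of date.",
    "We recommend to update it.",
    "The new browser version will protect your computer from different "
    "internet-dangers and make it safer.",
]


def normalise(text):
    """Strip markup, decode entities, and reduce to lowercase words."""
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", text)
    text = re.sub(r"<[^>]+>", " ", text)
    text = html.unescape(text).lower()
    return re.sub(r"[^a-z0-9]+", " ", text).strip()


LURE_NORMALISED = [normalise(s) for s in LURE_SENTENCES]


def host_is_listed(url):
    """True for a listed domain or any subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in LISTED)


def classify(url, body, min_sentences=2):
    """Flag a page by listed host or by matching lure sentences.

    min_sentences is an assumed threshold: one sentence alone is too
    generic, two or more is treated as the shared template.
    """
    text = normalise(body)
    matched = sum(1 for s in LURE_NORMALISED if s in text)
    listed = host_is_listed(url)
    return {
        "listed_domain": listed,
        "lure_sentences": matched,
        "flag": listed or matched >= min_sentences,
    }


# Constructed sample: the lure template served from a host that is NOT on
# the list, with markup and an entity breaking up the sentences.
SAMPLE_UNLISTED = (
    "<html><body><h1>ATTENTION!</h1><p>Your browser is&nbsp;out of date.<br>"
    "We <b>recommend</b> to update it.</p>"
    '<a href="update.exe">Update</a></body></html>'
)

# Constructed sample: a harmless page that merely mentions outdated browsers.
SAMPLE_BENIGN = "<p>Your browser is out of date. Use Help &gt; About to update.</p>"

if __name__ == "__main__":
    print(classify("http://updates.example.net/", SAMPLE_UNLISTED))
    print(classify("http://help.example.com/", SAMPLE_BENIGN))
```

Because the post notes that unlisted domains may be involved, the content match is the part that keeps working when the hostnames rotate.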

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Monday, January 30, 2012

Symantec OKs using pcAnywhere again, hands out free upgrades

“Good news, everyone!”

Symantec says that it’s now safe to use pcAnywhere and is offering all pcAnywhere customers a free upgrade to the most recent version, 12.5.

It was only five days ago that Symantec was urging users to disable pcAnywhere or use it only for “business-critical purposes” following the discovery that hackers had stolen the source code for several Symantec products, including pcAnywhere, during a server breach back in 2006.

Today, Brian Modena, a spokesperson for Symantec, told Reuters that the company had determined that it’s safe for users to use the current version of pcAnywhere 12.5, as long as it’s been updated with a security patch that was released on January 23rd.

Modena added that versions 12.0 and 12.1 were also safe to use if a second update that was released on January 27th is downloaded and installed.

Users should verify that they're running one of the versions that have received the green-light from Symantec and double-check that the proper updates are installed.

If you have any questions, feel free to contact Symantec by sending an email to pcanywhere@symantec.com.

Facebook Valentine's Theme is Malware in Hiding

With Valentine’s Day right around the corner, many of us are beginning to wonder what we’re going to do to show our significant others how much we love them.

Cybercriminals, on the other hand, are preparing to show everyone how much they love to run scams, spread malware and be a general nuisance to the public.

After all, it would be crazy to expect Valentine’s Day to come without a custom Facebook scam in tow, right?

This year, cybercrooks are hoping to treat the public with malware disguised as a Valentine’s Day Theme for Facebook.

Install Valentine's Day Theme for Facebook Spam
Hey guys did you checkout the new Facebook Valentine's Theme?

Me and My Lover Installed :D

It Looks so Lovely!! <3 <3 (Random gibberish)

Install Facebook Valentines Theme ! :D
Facebook Introduces the new valentines theme for valentines season

Clicking the link within the spam message promoting the bogus Valentine’s Day Facebook Theme will ultimately lead you to stalkers.jiteshkakkar.com, which will welcome you to join 78 of your Facebook friends that have allegedly installed the theme already.

Install Valentine's Day Theme

Unfortunately, clicking on the ‘Install’ link will initiate the download of a file called “FacebookChrome.crx”, which is not a Valentine’s Day Theme for your Facebook profile, but a malicious browser plug-in called “Facebook Improvement | Facebook.com” that will serve ads whenever you log in to your Facebook profile, automatically like random Facebook pages and post spam on your friends’ walls on your behalf.

Isn’t that sweet of the cybercrooks?

One thing to note, though, is that this particular scam only shows affection towards those who are running Firefox or Google Chrome when they visit this offer. Internet Explorer users are not worthy of a malicious plug-in attack and are merely given a bunch of surveys to play with.

Tell Cybercriminals: "I'm just NOT that into you" &
Reject their Gift of a Rogue Browser Plug-in for Valentine’s Day

If you’re not into your browser being hijacked or being labeled as a spammer, here’s what you should do when presented with the rogue browser plug-in masquerading as a lovey-dovey Valentine’s Day Facebook Theme:

  1. Remove any Facebook wall posts you’ve posted and/or mark any messages you see advertising the Valentine’s Day Theme for Facebook as spam.

  2. If you have it installed, immediately disable and uninstall the “Facebook Improvement | Facebook.com” extension from Chrome and/or Firefox. (Need instructions?)

  3. Unlike any pages that were liked by the rogue plug-in by editing your profile and clicking ‘Activities and Interests’. There you will see the pages you’ve liked, along with the ability to unlike those you’re not genuinely interested in.

  4. Remove any spam that the browser extension posted on your behalf.

  5. Warn your family and friends not to fall for this scam or download any browser plug-ins from untrusted/unknown sources.

Spammers Use Compromised WordPress Sites to Expose Users to Phoenix Exploit Kit

Researchers at both M86 and Websense have been tracking a malicious spam campaign involving hundreds of compromised WordPress sites that direct unsuspecting users to the Phoenix Exploit Kit.

Initially discovered by Websense, the attack starts out by the victim receiving a spam email similar to this one:

Need your help spam message

Screenshot Credit: Websense

Subject: Need your help!

Hello! Look, I’ve receive an unfamiliar bill, have you ordered anything?
Here is the bill

Please reply as soon as possible, because the amount is large and they demand the payment urgently.

The link within the spam message will take the user to a specific page that the attacker has uploaded on the compromised WordPress website.

Interestingly enough, the malicious page placed by the attacker is located within the “/wp-content/” directory of the WordPress website and is only accessible via direct link. Therefore, users that visit the remainder of the website will not be exposed to the Phoenix Exploit Kit; only users that access this page will be affected.

According to the M86 analysis, “the general motivation of the attackers to compromise websites is mainly to bypass URL reputation mechanisms, spam filters and certain security policies” and use spam in order to direct traffic to the page.

Both examples of pages uploaded by the attackers on the WordPress sites show an obfuscated block of code that, when translated, reveals an iframe leading to the Phoenix Exploit Kit hosted on a Russian domain.

The kit will attempt to exploit multiple vulnerabilities in IE, Adobe PDF, Flash and Java in order to install malware, which Websense identified as a variant of Cridex.B, onto the victim’s PC.

Oddly enough, Chrome users are exempt from the dangers of falling for this trap. An analysis of the Phoenix Exploit Kit code by M86 researchers found that the cybercrooks explicitly excluded the Google Chrome browser from the attack for no apparent reason.

There’s no word on how the attackers managed to plant the malicious pages on the WordPress sites; however, it appears that the affected sites were all running WordPress version 3.2.1.

To stay safe, users are encouraged to keep their computers fully patched and protected with up-to-date antivirus software. As always, it's recommended that users avoid clicking links or downloading file attachments in emails from unknown sources.

Webmasters are strongly advised to make sure they’re running the most recent version of WordPress and use strong FTP/admin credentials to minimize the chances of their sites being compromised by a hacker.
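Since the planted pages sit under “/wp-content/” and are reached only by direct link from the spam, a webmaster can triage access logs for that pattern. The following is an added example, not code from M86, Websense or WordPress; the function names, the hostname blog.example.com, the file name bill.html and the log lines are constructed for illustration, and it assumes the Apache/nginx combined log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Document-like extensions. Themes, plugins and uploads under /wp-content/
# mostly serve assets (CSS, JS, images), so whole pages there stand out.
PAGE_EXT = (".html", ".htm", ".php")


def _bare(host):
    """Lowercase a hostname and drop a leading 'www.'."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def is_direct_hit(referer, site_host):
    """True when the visitor did not arrive from a link on the site itself
    (no referrer, as with a click from an email client, or an external one)."""
    if referer in ("", "-"):
        return True
    return _bare(urlsplit(referer).hostname or "") != _bare(site_host)


def suspicious_wp_content_pages(lines, site_host):
    """Count successful GETs for pages under /wp-content/ that were reached
    directly rather than through the site's own navigation."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        path = urlsplit(m["target"]).path
        lowered = path.lower()
        if not lowered.startswith("/wp-content/"):
            continue
        if not lowered.endswith(PAGE_EXT):
            continue
        if is_direct_hit(m["referer"], site_host):
            hits[path] += 1
    return hits


# Constructed log lines (documentation IP ranges, example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2012:10:01:02 +0000] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.1" 200 5120 "http://blog.example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Jan/2012:10:02:11 +0000] "GET /wp-content/uploads/bill.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [30/Jan/2012:10:02:40 +0000] "GET /wp-content/uploads/bill.html HTTP/1.1" 200 2048 "http://mail.example.net/inbox" "Mozilla/4.0"',
    '192.0.2.44 - - [30/Jan/2012:10:03:00 +0000] "GET /wp-content/plugins/gallery/view.php?id=3 HTTP/1.1" 200 900 "http://blog.example.com/photos/" "Mozilla/5.0"',
    '192.0.2.99 - - [30/Jan/2012:10:04:00 +0000] "GET /wp-content/uploads/old.html HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, count in suspicious_wp_content_pages(
            SAMPLE_LOG, "blog.example.com").most_common():
        print(count, path)
```

Each flagged path is a lead to inspect on disk, not a verdict: some plugins legitimately serve pages from this directory.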

Friday, January 27, 2012

Spammers Promote Malware Masquerading as Google+ Hangouts Plug-in

In the past, I’ve mentioned that it’s generally a bad idea to buy or download any software that’s promoted via spam since there’s a good chance you’re getting malware.

As it turns out, that warning applies to legitimate applications as well.

Spammers have begun sending out emails inviting users to try out Google+ hangouts, which Lifehacker recently named “the most popular online meeting services.”

Try Google+ Hangouts Spam

Screenshot Credit: Malware City (BitDefender)

Subject: Try Google+ Hangouts NOW!
Try Google+ Hangouts NOW!
Google+  Hangouts is the most popular online meeting service!

Although Google+ Hangouts really is a way for you to video chat with your colleagues, friends, or anyone else of your choice, spammers aren’t actually trying to promote it.

No, instead, BitDefender Online Threats Analysts report that once you click the link in the email, you will be taken to a spoofed site resembling the Google+ Hangouts download page. However, instead of getting the Google+ Hangout plug-in, you’ll be served a malicious exe file.

If you do want to play around with Google Hangouts, it’s strongly recommended that you download the plug-in directly from Google here: https://plus.google.com/hangouts

Remember not to download or purchase software from spam or unsolicited emails from unknown sources. Otherwise, you may end up paying for or accidentally downloading malware.

Thursday, January 26, 2012

Windows Media Player Vulnerability Exploited to Push Rootkit Malware

Researchers at TrendMicro have discovered that a [patched] Windows Media Player remote execution flaw is being exploited in the wild in order to serve a malicious Trojan – identified as TROJ_DLOAD.QYUA – with rootkit capabilities.

“The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code,” Threat Response Engineer Roland Dela Paz wrote on the TrendMicro blog.

In the attack, the victim is taken to a malicious site with an HTML file that calls upon a MIDI file to trigger the exploit and uses JavaScript in order to decode the shellcode embedded within the HTML file.

If the vulnerability is successfully exploited, the shellcode is decoded and executed, then connects to another site to download an encrypted binary.

“This binary is then decrypted and executed as a malware detected as TROJ_DLOAD.QYUA,” Dela Paz wrote. “We’re still conducting further analysis on TROJ_DLOAD.QYUA, but so far we’ve been seeing some serious payload, including rootkit capabilities.”

The scary thing is that the user won’t know what hit them as the only thing they’ll see is the embedded Windows Media Player streaming the MIDI file on-screen – all of the malicious activity will be quietly carrying on in the background.

Windows Media Player playing malicious MIDI file

Image Credit: TrendMicro

Thankfully, Microsoft included a fix for this vulnerability on the last patch Tuesday, so Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 users are strongly advised to update their system as soon as possible.

Aside from making sure your PC is fully patched with all of the necessary security updates, it's a good idea to add an extra layer of protection by running antivirus software that offers real-time scanning.

Wednesday, January 25, 2012

Symantec recommends disabling pcAnywhere, releases hotfix to address 2 vulnerabilities

When is the last time you recall a vendor telling users to stop using one of their products?

Symantec has begun advising users to disable their remote access software, pcAnywhere, unless it’s absolutely needed.

Why? It all stems back to the fact that hackers stole a portion of Symantec’s source code from their servers back in 2006. Since then, Symantec has cautioned that pcAnywhere users faced a “slightly increased security risk” due to the breach.

It seems now that “slightly” is no longer the right word to describe it.

On Wednesday, Symantec released a white paper [PDF] that outlined the security risks associated with pcAnywhere, along with security recommendations and best practices.

Alongside such helpful information Symantec wrote:
“At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.”

If you need them, here are instructions on how to disable pcAnywhere.

Can’t go without pcAnywhere? Patch it & stick to the security guidelines

If you absolutely must use pcAnywhere, it’s strongly recommended that you use the most recent (and supported) version of pcAnywhere, apply any patches or updates and follow Symantec’s guide for best security practices.

Just yesterday, Symantec issued a security advisory and corresponding hotfix in order to address critical vulnerabilities.

The two security risks listed in the security advisory are remote code execution and local access file tampering; the latter would allow an attacker to elevate their file privilege.

“The remote code execution is the result of not properly validating/filtering external data input during login and authentication with Symantec pcAnywhere host services on 5631/TCP,” the advisory explains. “Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.”

As far as the file tampering security risk goes, some files installed by pcAnywhere are writable by everyone and susceptible to file tampering, which leaves the door open for an attacker to overwrite the files to gain elevated privileges. However, it should be noted that the attacker would already need access to a vulnerable system to accomplish this.

Although there hasn’t been any evidence that these vulnerabilities are being exploited in-the-wild, Symantec is not taking any chances and urges pcAnywhere users to install a hotfix in order to patch the holes. The patch can be applied either manually or automatically via LiveUpdate.

The affected products are Symantec pcAnywhere 12.5.x, IT Management Suite 7.0 pcAnywhere Solution 12.5x, and IT Management Suite 7.1 pcAnywhere Solution 12.6.x.

Google Updates Its Privacy Policy – Cool or Creepy?

Google announced on their official blog yesterday that they will be rolling out a new privacy policy that blankets over 60 different Google products.

The new policy – which takes effect on March 1st, 2012 – will allow Google to share collected user data between all of the Google products it encompasses (Google Books, Google Wallet & Chrome are not included for legal reasons).

Users do not have the option to opt-out of the new policy and if you don’t agree with it, well, your only recourse is to close your accounts with Google. Good thing about that is Google is committed to “data liberation” and they provide instructions on how to take your information elsewhere if you’d like.

A simple, more intuitive Google experience

On one hand, Google sharing data between their services seems like it can prove helpful.

As stated on the official blog post, Google can provide reminders that you’re going to be late for a meeting based on your location, your calendar and the traffic in that area on that given day. It would be like having a personal assistant by your side to keep you on track.

Plus, the unified privacy policy is easy for consumers to understand. Basically, they’re using your data to keep you on task, provide better spelling suggestions based on what you’ve typed before (even with your friends’ names) and, of course, serve more relevant ads and search results based off your activity when the opportunity arises.

Stuck between Google and a hard place

On the other hand, I’m not a fan of the fact that I cannot opt out of the new privacy policy.

It’s a little unnerving to think that I’m being watched everywhere I go on the internet – even if I’m doing as little as reading technology articles and surfing social networking sites. It’s just plain creepy.

It’s no surprise that Google’s plan to roll out this new privacy policy has privacy experts concerned.  As Common Sense Media chief executive James Steyer told the Washington Post, “Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”

As for Android users? Well, Google is collecting device information (hardware model, operating system version, etc.), log information (search queries, your phone number, calling-party number, duration of calls, IP address, device event information along with cookies that may uniquely identify your browser or Google account). So you can go ahead and expect whatever you do on your mobile device to be logged and compiled into your user profile and used to both your advantage and Google’s.

What it all boils down to...

Privacy concerns aside, we must remember that Google already had mountains of information on users that utilize their services and they're just sharing the data between their services.  As the saying goes, “Why have the information if you’re not going to use it?”

If you don’t want Google to peek over your shoulder while conducting your online activities, you can simply log out of your Google account(s) and go about your business. Oh, and don't do anything on your Android phone that you don't want Google to know about or track.

If you're curious to see what information Google has on you, I suggest you check out your Google Account Dashboard.

Google eyes logo credit eSarcasm

Tuesday, January 24, 2012

Free $100 Applebee's gift card?! Nope, just a malicious browser plug-in.

What are you willing to do for a $100 Applebee’s gift card?

Would you download and install a plugin from an unknown source?

Cybercriminals have launched a new spam campaign on Facebook that’s offering users a $100 Applebee’s gift card – and all you have to do is download their browser plug-in.

Of course, that browser plug-in won’t hand over any complimentary Applebee’s gift cards like the offer states. No, instead it will flood all of your Facebook friends with spam messages linking them to the same bogus offer – along with an assortment of other scam offerings.

Here’s the spam message that you will need to watch out for:

Free $100 Applebee's Gift Card for Everyone
This week only! $100 Applebee’s Gift Card Giveaway!

Visit our site to get a complimentary $100 gift card and enjoy your favourites at any Applebees in the country. Have a great start to the new year!

Another variant reads:

$100 Applebee's Gift Card Spam
WOW I cant believe that you can get it so fast!
Get your free $100 Applebee’s Gift card now

A laundry list of domains are being used and they appear to change frequently, but the ones mostly shared are “www.applebeesXXXXX.com”, with the X’s referring to a random combination of numbers.

Once you click the advertised link, you will be taken to a spoofed site intended to make you think that you’re viewing the offer on Facebook.

$100 Applebee's gift card scam page

Pressing ‘Click Here to Begin’ will initiate the download of the rogue browser extension, which Firefox will prompt you to either Allow or Deny.

Unless you’ve always had some odd desire to become a spammer or you intend on pissing off your entire friends list, it’s strongly advised that you do not install this plug-in. You will NOT get a $100 Applebee's gift card.

Instead, whenever you see messages related to the $100 Applebees gift card offer, you are urged to do the following:

  1. Mark the wall posts advertising this offer as spam by clicking the ‘x’ at the top right corner of the message.

  2. Warn your family & friends to steer clear of this special offer and avoid downloading any browser plug-ins from untrusted sources.

If you’ve already fallen for the scam, it would be in your best interest to delete any messages posted by the malicious browser plug-in and remove the troublesome browser plug-in. Instructions on how to remove plug-ins for Firefox and Chrome can be seen here.

Monday, January 23, 2012

Not So Fresh: $100 Subway Gift Card Scam on Facebook

A new scam is circulating on Facebook, hoping to sucker you into divulging personal information and completing multiple “reward offers” in hopes of snagging a “free” $100 gift card to Subway.

The scam starts out with a message similar to the one below:

Free $100 Subway Gift Card Spam Message
Free $100 Subway Cards! (limited time only)

Hey everyone! Make sure you get your Subway gift card! This is only for today and tomorrow!

The link leads you to a page that claims that free $100 Subway cards are being given away to all (800 million) Facebook users and there’s a two-step process in order to claim yours – post the offer to your profile and click the word ‘Like’.

Free $100 Subway Cards for Facebook Users

Seems simple enough, right? Unfortunately, that’s only the beginning...

Once you’ve exposed everyone on your friends list to the scam, you’ll be redirected to a completely different website – subway.thegiftcarddeal.com – that reveals the true focus of the offer in the fine print:

  • Collect as much of your personal information as possible

  • Get you to complete a total of 13 “reward offers”, and

  • Refer 3 of your friends to fall for the same scam.

Are those "reward offers" worth completing in exchange for a $100 Subway gift card?
“Various types of reward offers are available. Completion of reward offers most often requires a purchase or filing a credit application and being accepted for a financial product such as a credit card or consumer loan.”

I think not! You might as well take the money you're going to spend on the reward offers and just go straight to Subway.

Scammers often advertise “free offers” on Facebook as they get a chunk of change for driving traffic to these affiliate sites and getting users to sign up.

If you catch the $100 Subway gift card offer on Facebook, be sure to avoid it and warn your friends to do the same.

If you’ve already fallen for the scam, be sure to remove all posts on Facebook that link to this special offer and keep a watchful eye out for future scam campaigns that may arrive via snail mail, e-mail or even text. If you supplied your mobile number, you may want to monitor your cellphone bill for suspicious charges as cyber crooks have been known to sign-up victims of these scams for expensive SMS subscription services.

Friday, January 20, 2012

Order a new Dell Latitude E5520 laptop for $460 and get a FREE docking station!

This offer expired on January 27th, 2012. See the ad at the top of the page for our current "Buy of the Week" deal.

Doing business today means working anytime, anywhere. You need a laptop to keep up with your work style.

The Dell Latitude E5520 laptop combines world-class design with durability to perform, wherever business takes you.

For a limited time, you can order a new Dell Latitude E5520 laptop and get a FREE Dell Docking Station for just $460, plus shipping! Call Hyphenet at (619) 325-0990 to order.

Specifications for the Dell Latitude E5520

Display: 15.6" Widescreen LED backlight TFT, 1366 x 768 (WXGA)
Processor: Intel Core i3 2330M 2.2GHz
Hard Drive: 250 GB - Serial ATA-300 (5400 rpm)
Graphics: Intel HD Graphics 3000
Optical Drive: DVD-ROM
Networking: Network adapter, PCI Express Half Mini Card, Fast Ethernet, Gigabit Ethernet
Operating System: Windows 7 Home Premium (64-bit)

Maximize your workspace with the Dell E-Port Docking Station – included FREE with your purchase of a Dell Latitude E5520!
Dell Docking Station

  • 5 x Hi-Speed USB Ports

  • 1 x Network  - RJ-45

  • 1 x Display/Video 15-Pin Port

  • 1 x Display/Video DVI Port

  • 1 x Display DisplayPort

  • 1 x Storage / eSATA Port

Don't miss out on this buy of the week!

Call Hyphenet at (619) 325-0990 to order your Dell Latitude E5520!

Buy of the Week offer valid through January 27th, 2012.
* Shipping, CRV and taxes may apply.

Spammers Using Twitter to Harvest Valid Email Addresses

Have you ever wondered how spammers collect email addresses?

While we all know a spammer can go out and purchase a mailing list, it may not be common knowledge that they can also harvest valid email addresses from social networking sites like Twitter.

I know it sounds crazy, but people have written scripts that sift through Twitter search results and pluck email addresses that they then add to their list of spam victims.

The number of email addresses that a spammer can collect using a simple Twitter email harvesting script is phenomenal too.

Security researchers at Websense recently ran an experiment where they monitored Twitter to see how many email addresses were shared. During a 24-hour period, they found that more than 11,000 email addresses were shared worldwide!

Tweets with Email Addresses

Not only are folks who share their email address opening themselves up to spam, but they could also be increasing the risk of their email account being infiltrated by a very determined cybercrook. After all, the guy who managed to break into the email accounts of multiple celebrities did so by keeping a watchful eye on their social media accounts in order to guess their passwords.

So how can you keep your email account safe and spam-free? Websense offers the following tips:

  • Only share your email address via DM (direct message) on Twitter.

  • Treat emails from friends linking you to other sites with caution.

  • Don’t use passwords that can be inferred from publicly accessible information.

  • Make sure that your email security has superior malware protection against modern threats.

Twitter bird by James White
Tweets with email addresses credit: Websense Security Labs

Government takes down Megaupload, Anonymous takes down Government websites

“An eye for an eye.”

The day after hundreds of websites voluntarily blacked out in protest of the proposed SOPA and PIPA bills, the U.S. government shut down one of the world’s largest file sharing websites, Megaupload.com due to the site allowing online pirates to swap copyrighted files and cheat the entertainment industry out of a whopping $500 million.

In the crackdown, houses were raided, assets were seized, and four Megaupload employees were arrested and charged with conspiracy to commit racketeering and criminal copyright infringement. Among the group arrested was the founder of Megaupload, Kim Schmitz (aka Kim Dotcom).  Authorities are still on the hunt for 3 additional Megaupload employees.

Shortly after word hit that the feds knocked Megaupload offline and passed out handcuffs, Anonymous unleashed a whirlwind of DDoS attacks that killed the sites for the U.S. Justice Department, Motion Picture Association of America (MPAA), Recording Industry Association of America (RIAA), Universal Music Group, and others.

Never shy about their activities, Anonymous posted a series of tweets on Twitter, outlining every step of the DDoS attack and subsequent website failures as they were happening:

@AnonOps #Megaupload Tweets

Anonymous posted a statement regarding the attacks on Pastebin.

The FBI’s press release related to the takedown of Megaupload can be seen here.

On a side note, if you’re one to follow Anonymous and their controversial activities, Graham Cluley of Sophos warns you to be cautious of clicking links posted by Anonymous on Twitter. While the links may appear to be innocuous, if you follow a link and you have JavaScript enabled, you may very well be [unknowingly] participating in a DDoS attack. So, click with caution!

Way to keep things interesting, Anonymous!

Wednesday, January 18, 2012

Carberp Trojan Variant Demands Money to "Unlock" Facebook Accounts

Researchers at security firm Trusteer have stumbled upon a new variant of the Carberp Trojan that’s tricking users into paying money in order to “unlock” their Facebook account.

The original version of the Carberp Trojan was designed to steal sensitive data like banking information or login credentials and transmit the stolen data to a remote server. However, the miscreants behind Carberp have kept busy by constantly tweaking and updating the malware with new features.

The most recent version of Carberp targeting Facebook users launches a man-in-the-browser attack, replacing any Facebook page that the user visits with a spoofed page claiming that their Facebook account has been “temporarily locked” –

Fraudulent Facebook Page from Carberp Trojan
“To confirm verification you have to enter 20 euro Ukash voucher. Ukash vouchers are sold by ukash.com website and Ukash.com is not affiliated with Facebook company. 20 euro will be added to your Facebook main account balance. The verification is used to confirm your age and country of origin. The Ukash voucher consists of 19 numbers and face value (sum), begins on “633”. For example: 6337180116517630998”

In order to regain access, the user must “confirm their identity” by providing their full name, email address, year of birth, password, and a €20 ($25 USD) Ukash voucher number.

Contrary to what the page says, the €20/$25 cash voucher will not be "added to your main Facebook account balance", but instead sent off to the bad guys behind the Carberp Trojan, who then have the ability to use it as a cash equivalent.

The real downer is that just like Western Union wire transfers demanded in email scams, there is little-to-no chance of you recovering the money paid via Ukash vouchers.

Trusteer recommends that users be suspicious of odd/non-conventional requests even when they originate from a trusted website. It’s also suggested to use browser-based security tools that secure communication between the computer and target website to block MitB attack methods like HTML injection and prevent keylogging from grabbing data.

The Carberp Trojan is commonly spread via malicious email attachments and drive-by-downloads, so users can minimize their chances of an infection by running up-to-date antivirus software and opting not to download files attached to emails from unknown sources.

Money slave photo credit: Vector Portal
Carberp Facebook page credit: Trusteer


Tuesday, January 17, 2012

LinkedIn Spam Asks That You Stop Spamming - and Visit a Pharmacy Site


We recently wrote about spammers sending out fake LinkedIn emails claiming you had received a new message on LinkedIn and that you had to click on a link to read it. However, instead of being taken to the LinkedIn website, you were directed to a blackhole exploit site that would attempt to download malware onto your PC.

It seems that it finally dawned on the spammers that legitimate LinkedIn emails notifying members of a new message contained the actual message inside and they’ve taken the time to update their malicious emails to reflect this.

But what could they possibly say to get people to actually click the link in an attempt to read or reply to the non-existent LinkedIn message?

That’s simple: they could simply turn the tables around and demand that YOU stop spamming THEM with “links to your business!” Who could resist defending themselves in order to avoid being labeled as a spammer?

Here’s a copy of the LinkedIn spam email we received:

Fake LinkedIn Spam: Stop spamming me!

Subject: Stop spamming me with links to your business!
From: Selwyn O’Ryan via LinkedIn (member@linkedin.com)
CC: Selwyn O’Ryan (fonseal1[at]memorialhealth.com)
Selwyn O'Ryan has sent you a message.
Date: 01/16/2012

Subject: Stop spamming me with links to your business!

Please stop spamming me!
View/reply to this message

Don't want to receive e-mail notifications? Adjust your message settings.
© 2012, LinkedIn Corporation

All of the links within this particular email were set to point to a pharmaceutical site, but they could’ve easily gone to a malware serving website like the last one did. So if you receive any LinkedIn spam emails, be sure not to click any links inside.

Maybe spammers do learn after all.

Have you received any LinkedIn spam recently? Share your experience below!


So, Hackers Lifted Source Code from Symantec Servers After all

On Tuesday, Symantec spokesman Cris Paden told Reuters that a group of unknown hackers broke into Symantec’s networks in 2006 and stole the source code for four products – Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton Goback and pcAnywhere.

It was only eleven days ago that Symantec confirmed that a band of hackers – who identify themselves as the ‘Lords of Dharmaraja’ – had obtained the source code for their products from Indian military servers, who had left the copy there by mistake. At that time, Symantec had stated that their network had not been compromised when the source code was stolen, but apparently that is not the case.

Paden also stated that they’re working to reach out to pcAnywhere users, who now face a “slightly increased security risk” due to the leak, and “provide remediation steps to maintain the protection of their devices and information.”

When hackers released fragments of source code lifted from the Indian military servers, Symantec confirmed that it was for two older enterprise products, Symantec Endpoint Protection 11.0 and Symantec Norton Antivirus 10.2, the latter being discontinued. Symantec stated that the release of the source code would not impact Norton’s products for consumers given the age of the products.

On Saturday, a hacker called Yama Tough announced to the world via Twitter that he was planning on releasing the full 1.7GB source code for Norton Antivirus:

However, on Monday the hacker switched gears, stating he wanted to have the first go at zero-day exploits to unleash mayhem on unsuspecting users:

Yama Tough tweeting that he's holding off on releasing Norton source code

The hacker had previously tweeted links to a list of the source code files, but those related pages have since been removed.

Symantec has stepped up to the podium to release the following statement, once again stressing that the source code leaks do not impact their current products:
The code for Norton Utilities that was posted publicly is related to the 2006 version of Norton Utilities only. That version of the product is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities.

Furthermore, we have no indications that the code disclosure impacts the functionality or security of any of Symantec's other solutions. Lastly, there are no indications that customer information has been impacted or exposed at this time. As always, in general, Symantec recommends that users keep their solutions updated which will help ensure protection against any new possible threats.

Do you still feel comfortable using Symantec products to protect your PC? Share your thoughts below!


Friday, January 13, 2012

Computer Viruses Stole Data from S.F. College for Over 10 Years

You might want to think twice about checking your bank account, private email or even your social networking account on a college computer.

A few days after the Thanksgiving holiday, it was discovered that at least 7 different viruses were stealing personal information from possibly tens of thousands of students, faculty and staff at City College of San Francisco.

Worse yet, it appears that the army of malware has been trolling the college’s network every night around 10 p.m. and uploading sensitive data to remote servers based in Russia, China, and eight other countries since 1999.

Computers across the college district’s administrative, instructional and wireless networks have been infected and there’s a chance that anyone that’s used a USB drive to take their work home could have transferred the virus to their personal PC.

School officials are investigating the extent of the infection and data siphoning, but apparently servers holding medical information were found to be virus-free.  Another 17 computers thought to be at-risk are currently being analyzed.

Thankfully, no identity theft cases have been linked to the breach. However, that may change depending on the investigation and school officials are considering bringing in the FBI to help.

[via  SFGate]

Photo Credit: markomni


Phishing Emails from Spoofed US-CERT Emails Spreading Zeus/Zbot Trojan Variant

The United States Computer Emergency Readiness Team (aka “US-CERT”) has issued a warning to the public to beware of a new phishing campaign packed with malware coming from spoofed US-CERT email addresses.

“SOC@US-CERT.GOV” appears to be the primary email address that is being spoofed in the phishing email campaign; however the US-CERT stated that other invalid email addresses are also being used.

The phishing emails carry the subject line “Phishing incident report call number: PH000000XXXXXXX” and have a malicious file named “US-CERT Operation Center Report XXXXXXX.zip” attached. (The X’s refer to a random value or string.)

Inside the attachment is an executable file (“US-CERT Operation CENTER Reports.eml.exe”) which is a variant of the Zeus/Zbot Trojan known as Ice-IX. Like Zeus/Zbot, the main purpose of Ice-IX is to steal financial information, but Ice-IX boasts better tracker evasion features and an improved web injection method to alter bank webpages in order to lift sensitive information.

So far it seems that the targets of the phishing campaign are employees of private sector organizations as well as federal, state and local governments.

Due to the dangers that lurk within this new phishing campaign, the US-CERT has advised folks to avoid downloading files attached to emails from unknown sources and to double-check that their antivirus software is up-to-date.

Feel free to check out the US-CERT advisory.

Photo Credit: Kyle May


Geek vs. Nerd: Which one are you? [INFOGRAPHIC]

By definition, a geek is someone with a specific niche interest/lifestyle that they have become the expert on. They’re the type that enjoy [the early adoption of new] technology and walk around sporting ironic t-shirts that make us chuckle as they pass by.

Nerds, on the other hand, have an extreme fascination with academics and have the ability to make people feel they’re as mentally inept as nerds tend to be socially. Their interests may include Chess, Physics, LARPing, and Battlestar Galactica.

Interestingly enough, 41% of people would be comfortable being called a “geek”, while only 24% would be okay being referred to as a “nerd”.

Which category do you fall under?

If you’re not sure, this infographic by MastersInIT.org may help you out:

Geek vs Nerd


Thursday, January 12, 2012

There's No Love for the McDonald's Facebook Scam

That offer to eat at McDonald’s for FREE? I’m not lovin’ it.

Cybercriminals have launched a new spam campaign that’s leading unsuspecting Facebook users straight into a survey scam or worse – a malware booby trap!

As always, things start out innocent enough: you log in to Facebook only to see a friend has shared the rare offer to eat at the Big Mac serving restaurant for free:
Eat at McDonalds for FREE! (limited time only)

McDonald's is currently giving away free meal vouchers to all Facebook users!


Eat at McDonald's Spam Message

(Keep in mind that multiple URLs are being used in this scam.)

Thinking that there’s no way you’re going to pass up on the possibility of scoring some chicken McNuggets with your favorite sauce, you click on the link and find yourself staring at a page decorated with the huge golden “M” and promises to grant you one free McDonald’s meal if you follow a few steps.  The first one being to post the offer on your profile, just like the Facebook friend that shared the offer with you did:

McDonald's Free Meal Facebook Scam

Once you’ve done that, you’ll be presented with the final step, which is to add a comment saying, “Thanks, I love it!!!” The scammers ask you to do this to help fool future victims into thinking that the offer is legitimate. After all, why would so many people comment on a scam page, right?

It’s at that point where the scam begins to resemble a box of chocolates: you just never know what you’re going to get.

You could be kicked to another site that asks you to complete a series of surveys in order to “verify your humanity” and open yourself up to more targeted spam and scam campaigns.

Other setups will direct you to a website (mdo-offer.info/claim.php) that tries to infect your machine with the HTML/ScrInject.B.Gen virus!

At that point your fate relies solely on whatever antivirus program you have chosen to protect your machine. My computer  happens to be backed by ESET’s NOD32 Antivirus software, which was able to thwart this attack, so all is well.

Others may not be so lucky..

Have you already fallen for the McDonald’s scam?

  1. Delete all Facebook activity related to the McDonald’s scam: wall posts, comment history – everything! Do not leave any links that could potentially be followed by one of your Facebook pals.

  2. Check that your antivirus software is up-to-date and run a full system scan to make sure you weren’t infected with anything.

  3. Double-check that your operating system is current and fully patched. (You should always do this.) This will improve your defenses against drive-by-download attacks that exploit system vulnerabilities in order to plant malware on your PC.

  4. Warn your family and friends not to follow any offers that state you can win a free meal at McDonald’s. If they’ve already fallen for it, refer them to the 3 steps above.

  5. Avoid clicking on links related to “free offers” on Facebook. Cybercrooks often promote bogus offers on the popular social networking site in order to trick users into falling for survey scams or visiting malicious websites.


Wednesday, January 11, 2012

How to Protect Yourself from Malicious QR Codes

Would you scan a QR code that was embedded on a website?

The idea may not make much sense to those who are familiar with QR codes.

While QR codes initially started out as a useful tracking method in vehicle manufacturing, they’ve now blossomed into an easy way to share website URLs and other information with the help of a QR scanning smartphone app.

QR codes can be seen in magazine ads, billboards, retail stores, television commercials – almost anywhere you can think of – and who can resist finding out where it leads?

To the naked eye, QR codes look like nothing more than pixelated blocks that make you think you’re being shoved straight into a Rorschach test. Due to the fact that users have no real way of determining whether or not the website that a QR code could link them to is safe, security researchers didn’t hesitate to warn folks about the possibility of cybercriminals jumping on the opportunity to spread malicious websites.

As it turns out, they were right. For when opportunity knocks, the bad guys always answer.

Cyber crooks have begun placing malicious QR codes on sites that they then promote via spam campaigns.

One example discovered by Websense Security Labs directed users to a pharmaceutical site, while Kaspersky Labs expert Denis Maslennikov found a malicious QR code that led to Android malware that sent text messages that cost the user $6 apiece.

With so many companies taking interest in adding QR codes to their marketing campaigns, how can users protect themselves from the bad guys hiding in the mix?

  • Use a QR code scanning app that allows you to preview the encoded URL before visiting it. If the link appears suspicious, hit ‘Cancel’ and don’t follow it. (Android users may want to check out QR Droid Private)

  • Only provide personal information on trusted websites and always be sure to double-check the URL before logging in or providing sensitive data.

  • If you’re being directed to an app, consider downloading it from an official (and trusted) app store instead. On top of that, make sure you always review the user ratings and permissions before downloading or installing an app.
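What a “preview before visiting” step can look for in the decoded text is sketched below in Python. This is an added example, not code from QR Droid or any scanner app; the checks, the shortener list and the sample payloads are assumptions chosen for illustration, and the decoding of the QR image itself is assumed to have happened already.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative, not exhaustive: hosts that hide the final destination.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}


def preview_qr_payload(payload):
    """Return (host, warnings) for text decoded from a QR code.

    host is None when the payload is not an http(s) link at all.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return None, ["malformed URL"]

    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return None, [f"not a web link (scheme {scheme or 'none'!r}); do not open automatically"]
    if not host:
        return None, ["web link without a host"]

    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if "@" in parts.netloc:
        warnings.append("text before '@' is not the host; real host is " + host)
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # an ordinary host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label; may imitate another name")
    if host in SHORTENERS:
        warnings.append("URL shortener; final destination is hidden")
    if parts.path.lower().endswith(".apk"):
        warnings.append("direct Android package download; use the official app store")
    return host, warnings


if __name__ == "__main__":
    # Constructed sample payloads (203.0.113.7 is a documentation address).
    for sample in ("https://www.google.com",
                   "http://example.com@203.0.113.7/app.apk",
                   "smsto:+15550100:JOIN"):
        print(sample, "->", preview_qr_payload(sample))
```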

Have you come across any QR codes that you didn't trust? Share your experience below!


Tuesday, January 10, 2012

Malware Hiding in Files Posing as DOTA 2 Beta Keys and Diablo 3 Cracks

Gamers that are itching to play the highly-anticipated Diablo III (D3) or Defense of the Ancients 2 (DOTA 2) games should keep their cool until the games are officially released and avoid downloading files masquerading as cracks or keys for beta versions off torrent/file sharing sites.

Researchers at Microsoft found that cybercrooks are tricking impatient gamers into voluntarily downloading malware by giving the files misleading names and even mimicking game icons.

The malware targeting DOTA 2 fans has been identified as Backdoor:MSIL/Pontoeb.J (aka “Pontoeb”) and was found to be hiding in a file named “dota 2 Betakeys.txt.exe”.

Once it’s on your computer, Pontoeb collects system information to send to its authors and installs a backdoor to allow its operators to do whatever they want – take remote control, download additional malware, visit a website or even participate in a DDoS attack.

Yes, the overall goal of Pontoeb is to turn your machine into a zombie.

Meanwhile, a file by the name of “diablo3-crack.exe” is likely to wind up on the systems of gamers seeking a Diablo 3 crack.

According to the researchers, the bad guys took the time to alter the icon to imitate the Diablo icon even though the file houses Backdoor:Win32/Fynloski.A (aka “Fynloski”).

Fynloski is a backdoor Trojan that infiltrates PCs in order to “log keystrokes, download and run arbitrary files, and disable security settings.” To add to its creepiness factor, the Fynloski Trojan is also capable of capturing video from your computer’s webcam, recording sound produced by your PC and typing text on the screen.

So, in theory, the attacker has the means to watch you freak out as your computer takes a life of its own and mock you via text while they’re doing it. Fun, right?!

No, I’m kidding. (But not really.)

Gamers that are not into the idea of having their computer hijacked by malware authors and their products can easily avoid a hostile takeover by running up-to-date antivirus software on their machines and downloading beta versions directly from their vendors.

Happy gaming!!
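The deceptive names in this post (“dota 2 Betakeys.txt.exe”, “diablo3-crack.exe”) and the zipped “US-CERT Operation CENTER Reports.eml.exe” attachment from the spoofed US-CERT campaign covered earlier on this page can both be caught by checking file names before anything is opened. The Python below is an added example, not code from Microsoft, US-CERT or this blog; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (common set, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Harmless-looking extensions placed in front of the real one as a decoy.
DECOY = {"txt", "eml", "pdf", "doc", "jpg", "zip"}
# Subject format quoted in the US-CERT warning; the X's are random characters.
SUBJECT_RE = re.compile(r"Phishing incident report call number: PH0{6}\w+", re.I)


def name_verdict(filename):
    """Classify a file name: 'decoy-double-extension', 'executable' or 'ok'."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) == 3 and parts[1] in DECOY:
        return "decoy-double-extension"
    return "executable"


def triage_message(raw_bytes):
    """Return findings for one e-mail, looking inside zip attachments too."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        findings.append("subject matches spoofed US-CERT template")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        verdict = name_verdict(name)
        if verdict != "ok":
            findings.append(f"{verdict}: {name}")
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():  # names only, nothing is extracted
                    verdict = name_verdict(member)
                    if verdict != "ok":
                        findings.append(f"{verdict} inside {name}: {member}")
    return findings


def build_sample():
    """Constructed message shaped like the campaign; the zip member is a text stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("US-CERT Operation CENTER Reports.eml.exe", b"not a real binary")
    msg = EmailMessage()
    msg["From"] = "SOC@US-CERT.GOV"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Phishing incident report call number: PH0000001234567"
    msg.set_content("See attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="US-CERT Operation Center Report 1234567.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("dota 2 Betakeys.txt.exe", "diablo3-crack.exe", "notes.txt"):
        print(name, "->", name_verdict(name))
    print(triage_message(build_sample()))
```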


Xerox WorkCentre™ 3210 Multifunction Printer on sale for $245!

This offer expired on January 13th, 2012

The WorkCentre 3210 is a highly compact device complete with extensive features to increase performance and manage costs. This value-packed and reliable all-in-one print/copy/scan/fax device has been designed with individuals and small workteams in mind.

For a limited time, you can order a new Xerox WorkCentre 3210 Multifunction Printer from Hyphenet for only $245, plus shipping!

Call Hyphenet at (619) 325-0990 to order your Xerox WorkCentre 3210 Multifunction Printer today!

Specifications for the Xerox WorkCentre 3210 Multifunction Printer

Features: Print, Copy, Scan, Fax
Print Color: Black & White
Max Print Speed: 24 ppm
Duplex Printing: Not Available
Max Resolution: 1200 x 1200 dpi
Max Duty Cycle: 30,000 pages
Print Features: Booklet printing, Fit-to-page, N-up, Overlays, Poster printing, Print from USB memory drive, Scaling, Watermarks
Print Memory: 128 MB
Paper Capacity: 250
Paper Types: Bond, Card stock, Envelopes, Labels, Letterhead, Plain paper, Recycled paper, Transparencies
Warranty: One-year depot warranty, Xerox Total Satisfaction Guarantee

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your Xerox WorkCentre 3210 Multifunction Printer!

Buy of the Week offer valid through January 13th, 2012.

* Shipping and taxes apply.
