Updated: VISA, MasterCard Warn of "Massive" Data Breach at Third-Party Processor

Both VISA and MasterCard are currently playing defense, alerting the public and banks across the country about a massive security breach at a third-party payment processor.

Global Payments Inc. is said to have suffered a security breach sometime between January 21^st, 2012 and February 25^th, 2012, resulting in the credit/debit card information of ~50,000 cardholders being stolen.

The breach was initially reported by Brian Krebs of KrebsonSecurity.com early Friday morning before being picked up by other media outlets.

According to the WSJ, the breach is currently being investigated by law enforcement and an unnamed “independent data security organization"; however, a report by Avivah Litan, a fraud analyst at Gartner, states that the breach involved a taxi and parking garage company in the New York City area.

Litan advises that anyone that has used their credit or debit card to pay for a NYC cab in the last few months keep a sharp eye on their billing statements for signs of fraud.

Both Visa and MasterCard have stated that none of their computers were accessed during the security breach, only those of Global Payments, Inc.

Anyone that is concerned about whether or not their account information was compromised in the breach are being advised to contact the bank that issued the card.

Update 3:25pm: Details are still sketchy, with some news sources citing millions were affected by the breach while others cite only around 50,000 cardholders were affected.

Either way, Global Payments, Inc. has released the following press release confirming that their systems were breached and that they will hold a conference call on April 2nd at 8 am EDT:

Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.

It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” said Chairman and CEO Paul R. Garcia.

Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company’s Web site at www.globalpaymentsinc.com by clicking the “Webcast” button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809. The pass code is “GPN.”

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: HP ProBook 4430s Notebook for $588!

This offer expired on April 6th, 2012. Check the top banner ad for our current deal.

Ideal for small (and medium) size businesses, the HP ProBook 4430s balances functionality with style and affordability.

For a limited time, you can order a brand new HP ProBook 4430s Notebook  from Hyphenet for only $588, plus shipping!

Call Hyphenet at (619) 325-0990 to order yours today!

Specifications for the HP ProBook 4430s Notebook

Display	14" LED-backlight Anti-glare TFT 1366 x 768  (HD)
Processor	Intel Core i3 2350M / 2.3 GHz
Graphics Card	Intel HD Graphics 3000
Hard Drive	500 GB Hard Drive (5400 rpm)
RAM	4 GB DDR3 SDRAM - 1333 MHz
Optical Drive	DVD±RW (±R DL)
Camera	Integrated Webcam
Networking	Gigabit Ethernet, 802.11a/b/g/n
Operating System	Windows 7 Pro 64-bit
Battery	6-cell - up to 6 hour(s)
Warranty	HP 1-Year Limited Warranty

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your HP ProBook 4430s Notebook today!

Buy of the Week offer valid through April 6th, 2012 while supplies last.

* Shipping and taxes apply.

This offer expired on April 6th, 2012. Check the top banner ad for our current deal.

Adobe Updates Flash Player to Patch 2 Vulnerabilities, Adds New Automatic Update Option

It’s time to update Adobe Flash again!

On Wednesday, Adobe released an update that not only fixed 2 critical vulnerabilities, but finally offers an automatic update option to make it easier to apply updates across multiple browsers.

The patch addresses 2 memory corruption vulnerabilities (CVE-2012-0772 & CVE-2012-0773) within Flash Player 11.1.102.63 and earlier versions for Windows, Mac, Linux and Solaris along with Flash Player 11.1.111.7 and earlier builds for Android 3.x/2.x that Adobe warns could cause a crash and allow remote code execution by an attacker.

Adobe recommends that Windows, Mac and Linux users visit the Adobe Flash Player Download Center to update to Flash Player 11.2.202.228. Solaris users are also advised to visit the download center to update to Flash Player 11.2.202.223.

Android 2.x and 3.x users should update to Flash Player 11.1.111.8 via Google Play Store.

In regards to the new automatic update options, Adobe explains that once you’ve successfully installed Adobe Flash Player 11.2 you will be presented with a dialog box to select your update method of choice:

• Install updates automatically when available (recommended)


• Notify me when updates are available


• Never check for updates (not recommended)

By the way, the new background update feature is currently only available for Windows users (XP and newer). The automatic update feature for Mac is currently under development and should be available soon.

In the even that you have no idea what version of Flash Player you have installed, you can always go here to find out.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Careful Who You Give Remote Computer Access To (Yes, Even for PC Support)

If you received a phone call from someone claiming to be from a reputable tech company – whether it were Microsoft or a well-known antivirus vendor – and they asked for remote access to your computer, would you comply with their request?

It may not be in your best interest to do so.

Scammers will not hesitate to call you up and say that it’s time to renew software licenses, your computer is infected with malware or list other imaginary issues that cannot be fixed without opting for an expensive support package first.

While most of these calls may appear to be random, others may piggyback on a legitimate support request you may have with a vendor, as the iYogi / Avast fiasco recently demonstrated.

What Had Happened Was…

Avast – a company that offers both free and paid antivirus solutions – was using iYogi support services to provide free Avast users with telephone support; however, complaints began rolling in that iYogi was attempting to swindle users into unnecessary $169 support packages.

Avast looked into the matters and was reassured by iYogi management that the issue was being corrected.

However, an independent investigation by Brian Krebs of KrebsonSecurity.com found that iYogi reps continued to attempt to up-sell products that Avast users did not need whenever they would call in for technical support.

This ultimately lead to Avast terminating their relationship with iYogi.

Growing Trend in PC Support Scams?

Telephone scams like these are not uncommon and it is important for users to remain vigilant even when they are on the phone with someone claiming to be affiliated with a reputable software company.

Scammers are preying upon the fact that users are in need of assistance along with the tendency to not only trust the “professionals” offering to help, but the reputation of the brand-name they affiliate themselves with.

That is exactly how Comantra, an ex-Microsoft Gold Partner, managed to scam countless computer users in Canada, Australia and United Kingdom by telling them they’d received reports from Microsoft saying their PCs were infected with a virus.

If you happen to be the recipient of a computer support call that just “doesn’t sit right,” don’t hesitate to trust your instinct and deny the caller remote access to your system. Feel free to get a second opinion regarding the issues you are having with your computer and by all means, take a moment to Google the issue – or company – at hand to see what experiences other users have had.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Your 4-Digit iPhone Passcode is No Match for Law Enforcement Software

It may be time to exchange that four-digit passcode on your iPhone to something a *little* more complicated.

A recent Forbes report sheds light on just how quickly a four-digit passcode can be bypassed, paving the road for all of your data to be siphoned out of your smartphone.

Just how fast are we talking here? Apparently your iPhone's 4-digit passcode can be cracked in as little as 2 minutes.

The password cracking and data pilfering is made possible by Micro Systemation’s  handy-dandy “XRY” application.

Micro Systemation is a Swedish firm that provides all of the tools that law enforcement and military needs to access the devices of criminal suspects and detainees.

How XRY Works

In order to gain access to the phone, XRY leverages security flaws within the phone’s software – just like jailbreakers do – and conducts a “brute force” attack in order to crack the device's password.

After the phone has been jailbroken and passcode unveiled, all of the data stored on the handset is up for grabs. The accessible information includes contacts, call logs, SMS history, GPS location, files and even a log of keystrokes.

Here is a video that shows XRY cracking a 4-digit passcode and grabbing all of the data stored on an iPhone:



Don't scoff at the fact that the password on the iPhone used in the demonstration is set to "0000" either - that's actually one of the most commonly used iPhone passcodes.

Just incase you were wondering, XRY is said to work on both iPhone AND Android devices. Obviously the more complex your passcode is, the less likely your phone can be forced into granting access using XRY or similar programs.

Not that a complex passcode would stop them anyway.  They'd just ask Google or Apple for help getting in.

Update 4/3/12:  According to a hacker known as @chronic, XRY does not work on iPhone 4S, iPad 2 or iPad 3. Read more.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

When Social Media Goes Wrong: Employers Ask for Your Logins, but Schools May Flat Out Stalk You

We are all so obsessed over what’s going on in the social media world that we are constantly trying to find ways to electronically stalk each other.

No, seriously, if you aren’t being asked to “voluntarily” hand over the login for your Facebook account during a job interview, then there’s a pretty good chance that school officials are pressuring your child to hand over their coveted username and password.

Even if you’ve somehow managed to dodge those two bullets, there’s still a chance that exercising a colorful vocabulary on Twitter can result in finishing the homestretch of your high school career in an alternative school – like this senior in Indiana recently found out.

So what is with the sudden interest in social media accounts?

Well, employers who ask for social media logins cite their reasons being that they want to check to make sure you’re not affiliated with any gangs, illegal drug use, or any other questionable behavior that they don’t want employees of their company to be affiliated with.

Meanwhile, school officials defend their login requests by claiming they’re doing it to “prevent disruption” or, in the case of the expelled high school senior, punish those who allegedly use school computers to get into mischief.

Not that using your personal computer would necessarily spare you from getting into trouble.

The expelled high school senior claimed that the offending tweet was posted to his personal Twitter account at 2:30am from his personal home computer.  The school begged to differ, stating it was a school owned laptop that was used.

Regardless of what computer was actually used to post the tweet, the school’s principal stated that they have a monitoring system in place that tracks all of the tweets posted on a student’s Twitter account should they ever make the mistake of logging into Twitter on a school computer, taking things to a whole new level of creepy.

It appears that there seems to be a growing trend of not only violating the privacy of users, but a blatant disregard for the First Amendment (& sometimes the Fourth Amendment as well).

If you haven’t put a second thought into the information you put online – even if it’s tidbits of information that can be used to guess the answers to the security questions tied to your online accounts – then perhaps it’s time that you do.

And should an employer or school official attempt to ask that you - or your child - hand over your Facebook login information, you can simply state that it's against Facebook's Statements of Rights and Responsibilities to share your account login OR access an account belonging to someone else. Not only that, but two U.S. Senators are currently investigating whether or not they're violating two federal laws by asking.

What do you think about the growing trend of employers and schools asking for Facebook account logins? Do you use your school – or work – computers to login to your social media accounts? How would you feel if you found out your social media activity was being tracked after doing so?

Update 3/29: TechCrunch reports House Shoots Down Legislation That Would Have Stopped Employers From Demanding Your Facebook Password. Bummer.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Celebrity Email Hacker Pleads Guilty, Reminds Us of Online Account Safety

Christopher Chaney, the 35-year old Floridian who was arrested last year for hacking the email accounts of 50 celebrities, plead guilty in court Monday to nine felony counts, including unauthorized access to a computer and wiretapping.

During his hearing, Chaney admitted to gaining access to the email accounts of Hollywood stars like Mila Kunis, Christina Aguilera and Scarlett Johansson by correctly guessing the answers to the ‘Forgot your password?’ security questions in order to reset their passwords.

Chaney was able to collect the information he needed to provide the proper responses by monitoring the celebrities’ social media accounts and conducting online searches.

Once inside the target account, Chaney rifled through the emails, looked through contact lists for additional hacking targets and setup a rule to forward a copy of all incoming emails to a secondary email address that he controlled.

The digital goods Chaney took away from his unauthorized access included copies of private conversations, confidential documents and personal photographs, including the nude pictures of Scarlett Johansson that were then forwarded to another hacker and two celebrity gossip sites that released them to the public.

Although all of the individuals targeted by Chaney were Hollywood stars, it still serves as a reminder that users should take precautions to avoid having their privacy invaded by a clever hacker that’s able to transform the information available online into full-blown unauthorized account access.

Keep Your Online Accounts Safe from Attackers

• Be careful what information you share online. You may be tempted to spill your life story to a complete stranger online, but you never know if they will turn around and use that information against you.


• Always use strong passwords. It may be tempting to use your dog’s name as your password, but just because ‘Shadow’ makes a great pet name doesn’t mean it makes a great password. Use alphanumeric passwords with special characters to prevent attackers from cracking your password.


• Don’t share the same passwords across multiple sites. If you do, you’re basically handing all of your accounts over on a silver platter.


• Set a difficult security question & answer. Setting an easy to guess security question and answer defeats the entire purpose of the feature. Be sure to set one that only you know the answer to.


• Don’t take naughty photos with your phone.  This should be pretty obvious – how many celebrities have had their nude photos leaked to the public?

Update: Christopher Chaney was sentenced to 10 years in federal prison by a U.S. District Court judge in Los Angeles on Monday, December 17th, 2012.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Fake Verizon Wireless Bill Notification Emails Lead to Malware

Careful when clicking links within Verizon bill notification emails.

Cybercrooks are spamming out emails that closely resemble the emails Verizon sends to their customers to let them know that their cellphone bill is ready to view online.

This particular spam campaign poses a high risk since the balance displayed to the user is likely far more than they’re accustomed to, which may drive recipients to click links within the emails without a second thought.

Screenshot Credit: Barracuda Labs

And considering all of the embedded links point to a malicious non-Verizon website hosting the Blackhole exploit kit, that can quickly turn into a costly mistake as malware will be installed on any vulnerable computers that visit the site.

According to Barracuda Labs, the malware delivered is none other than the infamous ZeuS/Zbot, which is known for its effective ability to steal online banking credentials and upload them to a remote server controlled by the attackers.

How to Spot the Fake Verizon Wireless Bill Notifications

Although the cybercrooks behind this spam campaign have done a fairly good job copying the layout of the Verizon bill notification emails, there still are a few ways to tell them apart:

• In legitimate Verizon Wireless bill notification emails, the first line of the email will read, “Your current bill for your account ending in XXXX-XXXXX is now available online in My Verizon.” Meanwhile, the fake emails will simply say, “Your current bill for your account is now available online in My Verizon.”


• The balance due will differ greatly from what you typically pay. So if you usually pay $100/month and suddenly receive an email saying you owe $500, yet you haven’t done anything different during the billing cycle to warrant such charges, then something is up – and the problem may not necessarily be with your account, but the email you’re looking at.


• By hovering over the links, you notice that they point to a third-party website that obviously doesn’t belong to Verizon Wireless. The links in the spam message received by Barracuda Labs was “hxxp://trauma.co.id/XXXXXX/index.html” – which is clearly not affiliated with Verizon Wireless. It is important to note that it’s likely multiple URLs are being used.

As a rule of thumb, it’s always best to just type the URL of the website you wish to visit directly into your browser’s address bar instead of clicking links provided within emails.

What to Do With Fake Verizon Wireless Bill Notifications

Did you also receive one of these fake Verizon bill notices? We suggest that you:

• Avoid clicking on any of the embedded links.


• Forward the email to phishing@verizonwireless.com.


• Delete the email.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Thousands of Websites Hit by Ongoing Mass SQL Injection Attack

It appears that the cybercriminals behind the 2011 Lizamoon mass SQL injection attack are at it again.

Security researchers at Webroot warn that another massive SQL injection attack is currently underway and that hundreds of thousands of websites have already been injected with a malicious script pointing towards one of the following domains:

• hjfghj.com/r.php (~84,900 sites infected)


• fgthyj.com/r.php (~205,000 sites infected)


• gbfhju.com/r.php (~68,200 sites infected)


• statsmy.com/ur.php (~930,000 sites infected)


• stmyst.com/ur.php (~236,000 sites infected)

All of the domains are parked at 91.226.78.148, which is hosted within the Russian Federation, and are registered using the same information as other domains used in previous SQL injection attacks, including the Lizamoon mass SQL injection attack last year:

JamesNorthone
James Northone jamesnorthone@hotmailbox.com
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
us

Webroot analysts suspect that the cybercrooks are already beginning to cover their tracks, though, as the domains listed above are currently returning a “404 Not Found” error message. However, given the amount of activity witnessed from this group within the last year, it's only a matter of time before they launch their next attack.

To avoid being affected by mass SQL injection attacks like these, users should keep their systems up-to-date and use antivirus software. Past mass SQL injection attacks by this particular group were focused on spreading scareware (fake antivirus software), so be cautious of "security alerts" that do not follow the typical behavior and/or appearance of your legitimate antivirus program.

Site owners can minimize their chances of their site being hacked by using strong FTP credentials and checking for website vulnerabilities (such as outdated CMS systems, plug-ins, etc).

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Tagged Spam Links to Pharmacy Websites

Have you noticed a lot of Tagged spam arriving in your inbox lately?

Spammers are now spoofing message notifications from the social networking site in order to drive traffic to a variety of illegal pharmacy sites.

At first glance, the spam message looks as if it was really sent from Tagged; the company logo is on the top left with convincing site links on the right, a fake message from an alleged Tagged member occupies the center of the message body with a big orange button welcoming you to read the full message and an official looking footer rounds out the bottom of the email:

Subject: Angela C sent you a message...
From: Tagged (tagged@taggedmail.com)

Tagged   My Profile | Messages | Friends | Meet Me | Browse | Search

Angela C, 23
You have a new message!

Angela C says: Hi, do you remember me? Can you...
View message!

Manage my account and email settings on Tagged Inc., 110 Pacific Mall Box #117, San Francisco, CA. 94111

All Tagged emails will be sent from our official @tagged.com or @taggedmail.com domains to your registered email address. We will never contact you from any other email addresses.

However, none of the embedded links point to Tagged.com, but a pharmacy site instead.

The fact that spammers opted to send fraudulent Tagged emails is ironic in itself, considering Tagged, Inc. has quite the checkered past involving deceptive bulk email practices resulting huge fines and being labeled the “World’s Most Annoying Website” by Time’s Sean Gregory.

Still, I’m sure none of that matters to cybercrooks and so they’ll just add fuel to the fire by continuing to drag Tagged’s name in the mud just to trick people into visiting pharmacy sites.

Let’s just hope they don’t start directing users to malicious sites instead.

If you happen to receive a message that claims to be from Tagged, make sure you take a moment to hover your mouse over the links to view the destination URL before clicking on it. If the URL doesn’t match, feel free to delete the email.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: Belkin Share Max N300 Wireless N+ Router for $34

Share files and print wirelessly with this router that features Wireless-N technology for rapid wireless data transfer speeds and Gigabit ports for fast, easy wired data transfer.

For a limited time, you can order a brand new Belkin Share Max N300 Wireless Router  from Hyphenet for only $34, plus shipping! Call Hyphenet at (619) 325-0990 to order yours today!

Specifications for the Belkin Share Max N300 Wireless Router

MFR#	F7D7301
Speed	Up to 300 Mbps
Standards	IEEE 802.11b/g/n
Frequency Band	2.4 GHz ISM
Security	WPS, WP2
Interface Slot Type	USB 2.0
Auto Detecting	Yes
Auto Sensing	Yes
Ports	1 x 10/100M WAN; 4 x 10/100M LAN
LAN Connection	Ethernet
LEDs	Network status, WPS
System Requirements	Windows 7 32-bit or 64-bit Windows XP 32-bit Windows Vista 32-bit Mac OS X 10.5 or higher 64MB RAM Broadband Internet Connection Network interface card and TCP/IP networking protocol Internet Browser (IE, Firefox, Safari, etc.)
Warranty	1 year limited on parts & labor.

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your Belkin Share Max N300 Wireless Router today!

Buy of the Week offer valid through March 30th, 2012.

* Shipping and taxes apply.

Facebook: Have Ads on Your Timeline or News Feed? Then you most likely have Adware

Is your Facebook news feed or Timeline inundated with ads?

A video message posted on the Facebook Security page warns that if you see ads on the center, top or left column of your Facebook account then it’s likely you have adware on your PC.

Beyond injecting flashy, noisy ads on your Facebook  Timeline and account news feed, having adware on your computer will result in slower overall site performance and compromise system security.

It is likely that the adware was installed upon downloading rogue browser extensions or other programs promising non-existent Facebook features, such as the ability to see who viewed your Timeline (profile), setting your own Timeline theme or even non-Facebook related items like free restaurant vouchers and gift cards.

Facebook’s Help Center also stated that the programs offered by the following websites are adware and will lead to your Facebook account being littered with intrusive advertisements:

• Facetheme.com


• Pagerage.com


• Profilecraze.com


• Social-plus.com


• Facicons.com


• Facecoolsmileys.com


• Iminent.com


• Buzzdock.com


• Connectbar.net


• Elriel.com


• Dropdowndeals.com


• Pagemood.com


• Sweetim.com

If you've downloaded applications from the sites listed above or from other sites similar to them, it's strongly recommended that you remove these programs immediately.

How to Remove Rogue Browser Plug-ins

Mozilla Firefox Users

1. Click the orange ‘Firefox’ tab at the top of your browser window.


2. Select ‘Add-ons’ in the right navigation menu (it has a blue puzzle piece icon next to it).


3. Click on the ‘Extensions’ option.


4. Click ‘Remove’ next to any suspicious looking browser extensions.


5. Restart Firefox.

Chrome Users

1. Click the gray tool icon on the top right.


2. Hover over the ‘Tools’ option and click ‘Extensions’


3. Click ‘Remove’ next to any suspicious looking browser extensions.


4. Restart Chrome.

Safari Users

1. Click Safari in your top menu bar.


2. Select Preferences.


3. Select any suspicious looking browser extensions and click ‘Uninstall’.


4. Restart Safari.

Internet Explorer Users

1. Select ‘Tools’ in the menu bar (press the ‘Alt’ button if the menu bar is not visible)


2. Select ‘Manage Add-ons’


3. Select suspicious browser add-ons and click ‘More information’


4. Click the ‘Remove’ button.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Scratch that 4 Free Six Flags Tickets Offer, It’s a Survey Scam

I could definitely use 4 free tickets to Six Flags.

I’m sure that anyone would be willing to adopt a free set, especially considering a regular admission ticket costs $62 apiece.

Unfortunately, the offer for 4 free Six Flags tickets circulating on Facebook is nothing more than bait for the latest survey scam to hit the leading social networking site.

As usual, the scam is being spread via enticing Facebook wall posts that typically read:

Receive 4 Free Six Flags Tickets (Limited Time Only)
[LINK]

Six flags is currently giving away 4 free tickets to each Facebook user for a limited amount of time!

After clicking the link, you will be taken to a page asking you to complete 2 steps before claiming your free Six Flags tickets: first being to share the page and second to leave a comment saying, “Thanks, I love Six Flags!!”

That’s kind of an odd request considering you haven’t even received anything yet, but then again, the whole purpose of your comment is to help build credibility for the scam.

Only after you’ve shared the scam with all of your Facebook pals will it become rather obvious what this offer is really about, which is getting you to earn the scammer a pretty penny for every survey you complete:

Hmm, I suppose that it is rather silly to believe that Six Flags would take a $240 loss for every Facebook member that happened to see this offer, right? Especially considering Facebook has over 800 million members.

If you're really interested in getting a deal on Six Flags tickets, then keep an eye out for the next time they run their 2-for-1 ticket deal if you bring a Coca~Cola can. Or you can order your tickets online ahead of time for a pretty good discount as well.

With that being said, if you come across this survey scam on Facebook:

• Don’t bother clicking the link or filling out any of the surveys – you’re either earning scammers money from their affiliates for each completed survey or you’re providing them all of the information they need in order to send you spam or commit identity fraud.


• Remove any wall posts related to this scam from your profile and news feed – if you see a friend posting it, mark it as spam and/or fill them in on what this “offer” is all about.

Remember that survey scams are often spread on Facebook due to the easy sharing capabilities offered by the site, so if an offer seems too good to be true, it probably is.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Safari Vulnerable to Address Bar Spoofing in iOS 5.1

Surf with caution if you’re using Safari on iOS 5.1!

David Vieira-Kurz of MajorSecurity.net discovered that “an error within the handling of URLs when using JavaScript’s window.open() method” leaves the browser susceptible to address bar spoofing.

In plain English, that means that cybercrooks can use this flaw to make Safari’s address bar say you’re on one website when you’re actually on another.

This leaves the perfect opportunity for miscreants to launch phishing attacks to collect personal information from unsuspecting users.

The bug has been reproduced on the iPhone 4 , iPhone 4S, iPad 2 and the new iPad running iOS 5.1. A proof of concept can be seen here.

This vulnerability has been reported to Apple, so hopefully a patch will be released soon.

Until then, be careful what links you click and information you supply via your mobile device.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Java-Based 'Fileless' Malware Served via Compromised Site Ads

What’s more annoying than advertisements on a website?

Answer: Advertisements that infect your computer with “fileless” malware that’s completely capable of dodging the watchful eye of your antivirus software.

Kaspersky Lab discovered that an advertisements served through third-party ad network, AdFox contained malicious JavaScript code that would load an iframe containing an exploit for a known Java vulnerability (CVE-2011-3544).

Typically a Trojan dropper or downloader would be saved onto the hard-drive during the infection process, however this attack sets itself apart from the norm by injecting an encrypted dynamic link library (DLL) into an active Java process instead.

Therefore, the malware is active only in memory and is operational as long as the computer is not restarted – not that it’s a problem considering there’s a good chance that the user will revisit the infected site anyway.

Following a successful infection (which doesn't require any action on the user's part), the ‘fileless’ malware will begin operating as a bot: transmitting a user’s browsing history and a range of other technical information to a command and control server and attempting to disable UAC (user access control) in order to download and install Trojan-Spy.Win32.Lurk (“Lurk”) onto the system.

During their investigation, Kaspersky Labs contacted AdFox, who found that the offending advertisement was a result of a cybercriminal using an AdFox customer’s account to modify the code of news headline banners to include the malicious code. The bad code has been removed and all is well again.

While this particular attack was targeting Russian users, it’s entirely possible for the very same exploit and corresponding fileless bot to be used to target users in other countries.

For the record, the Java vulnerability exploited in this attack was patched in October 2011 and yet it was still successful. So, make sure you keep all third-party software installed on your machine fully patched and up-to-date!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

LinkedIn & BBB Spam Driving Traffic to Compromised WordPress Sites Spreading Cridex Malware

Cybercriminals are actively spamming out fraudulent emails purporting to come from trusted companies like the Better Business Bureau and LinkedIn in order to direct users to compromised WordPress sites housing exploit kits.

Both TrendLabs and M86 Security have taken notice to the mass compromise of websites running on the popular WordPress blogging platform and the corresponding spam campaign that’s striving to infect as many computers as possible with the Cridex Trojan.

The attack starts out by the user receiving a spoofed email stating they've received LinkedIn invitations and have pending messages or that a customer has filed a complaint about their company with the BBB, as the sample email shown below claims:

Screenshot Credit: TrendLabs

Subject: Better Business Bureau complaint

Attn: Owner/Manager

Here with the Better Business Bureau would like to inform you that we have received a complaint (ID XXXXXXXX) from one of your customers in regard to their dealership with you.

Please open the COMPLAINT REPORT below to find the details on this matter and inform us about your point of view as soon as possible.

We are looking forward to your prompt reply.

Regards,
Gerard Johnson

Dispute Counselor
Better Business Bureau
Council of Better Business Bureaus

4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

When the user clicks on the link to review the (non-existent) complaint - or pending LinkedIn messages - they will be taken to one of the compromised WordPress sites, ultimately leading them to the residing [Phoenix or Blackhole] exploit kit  that would attempt to leverage vulnerabilities within Adobe Reader and Acrobat (CVE-2010-0188) and Windows Help Center (CVE-2010-1885) to infect the target machine with WORM_CRIDEX.IC (Cridex).

When executed, Cridex will attempt to download its configuration files from a remote server.

Cridex is said to have capabilities similar to ZeuS and SpyEye banking Trojans, including the ability to:

• Take screenshots of every webpage accessed by the user in real-time.


• Blacklist and redirect URLs.


• Intercept browser requests and change the displayed content according to its configuration file in order to trick the user into entering private information.

All of the information captured by Cridex is then uploaded to a remote C&C server.

To avoid being hit by this malware attack, users are advised to exercise caution when following links within unsolicited emails. Traps like these can typically be avoided by taking a moment to hover your mouse over a link to see what the true destination URL is.

WordPress site owners can minimize the chances of their website being compromised by avoiding WordPress plug-ins with known vulnerabilities, using strong FTP credentials and exploring the numerous ways to help secure WordPress.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Latest Variant of Imuler OS X Trojan Uses Images to Infect Macs

Security researchers over at Sophos recently spotted a new variant of the Imuler Trojan horse targeting Apple’s OS X in the wild.

OSX/Imuler-B is leveraging the hotness of 2011 Sports Illustrated Swimsuit model Irina Shayk and the fact that OS X doesn’t show file extensions by default in order to infect Macs.

So while a Shayk fan thinks they’re actually opening an image of the supermodel, they’re actually unleashing the Trojan upon their machine.

Screenshot Credit: Sophos

Once Imuler-B is launched, it deletes the malicious application file and replaces it with an image of Shayk before quietly opening a backdoor and uploading sensitive information to a remote server.

It may be a good idea for Mac users to update their settings to show all filename extensions to avoid situations like these – and of course, to be careful about what you download and where you download it from.

While there aren’t as many malware threats for OS X as there are for Windows, there ARE threats out there. So make sure you don’t let your guard down too much.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Reminder: Don’t Download Files Attached to “USPS Delivery Failed” Emails

It’s Wednesday and I figured it was about time that we reminded everyone not to download any files attached to USPS spam.

Or FedEx spam. Or UPS spam. You see where I’m going with this, right?

Sending out “delivery failure notifications” laced with malware is obviously a favorite pastime of spammers and their bots, so we just want to make sure everyone knows not to download whatever “forms” are allegedly attached to them.

Just like the other USPS delivery failure spam we’ve received in the past (and trust me, we have received a lot of it), the latest variant claims that there was an issue delivering our package at the destination address and that we will need to use the attached document to either claim the package or re-attempt to deliver it.

 

Dear [EMAIL], hereby we notify you that your delivery tracking #650065 has FAILED to be delivered at the destination address. To claim your package or initiate a new delivery attempt please use the attached document.

Feel free to contact us with any further questions.

Call us
Call 1-800-ASK-USPS® (800-275-8777)
M-F - 8:00am-8:30pm ET
Sat - 8:00am-6:00pm ET
Sun/Holidays* - Closed

And, of course, there is malware inside the attached file, USPS ticket .zip.

Therefore, if you happen to receive a USPS spam message similar to the one outlined above, it’s strongly recommended that you:

• Do NOT download or open any attached files.


• Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Ever Wonder What Happens to a Lost Smartphone?

If you were to lose your smartphone, would you be more worried about getting it back or whether or not whoever finds it rifles through your contacts, apps and data?

Antivirus software giant Symantec partnered up with Sprint in order to conduct a little experiment dubbed “The Symantec Smartphone Honey Stick Project” that involved “losing” 50 mobile devices in 5 major cities – New York City, Washington D.C., Los Angeles, San Francisco and Ottawa, Canada – to see what people do when they find a smartphone.

The phones were left unlocked and loaded with a variety of bogus personal and business focused apps whose sole purpose was to report back to Symantec what app was accessed, the time when the app was activated and the device ID.

The simulated apps included (information type in parenthesis):

• Social Networking (Personal)


• Online Banking (Personal)


• Webmail (Personal)


• Private Pix (Personal)


• Passwords (Neutral)


• Calendar (Neutral)


• Contacts (Neutral)


• Cloud-Based Docs (Neutral)


• HR Cases [PDF] (Corporate)


• HR Salaries [Spreadsheet] (Corporate)


• Corporate Email (Corporate)


• Remote Admin (Corporate)

As it turns out, a lot of the times folks are looking to do much more than just play finders’ keepers with lost smartphones – they’re looking to capitalize on their finding as much as possible!

During the 7-day study period, Symantec discovered that:

• Only 50% of the people who found the smartphones attempted to contact the owner (the owner’s phone number & email were clearly marked in the contacts app).


• Nearly all (96%) of the lost smartphones were accessed by whoever found them.


• 89% of devices reported attempts to access personal apps or data.
  
  
  
  • 60% of the devices reported an attempt to access the social networking apps.
  
  
  • 60% of the devices indicated attempts to access personal email.
  
  
  
  


• 83% of smartphones reported attempts to access corporate related apps or data.
  
  
  
  • The HR Cases file was accessed on 40% of the devices.
  
  
  • The HR Salaries file was accessed on 53% of the devices.
  
  
  
  


• Only 5% of the devices were not accessed during the study.


• On average, the “lost” devices went untouched for 10 hours before any attempts were made.

Based on Symantec’s findings, it’s safe to say that smartphone owners need to seriously consider what type of information is stored on their smartphones and whether or not someone could do some serious damage if they happen to get their hands on it – especially if their device is used for business purposes.

Sure, it may not be a big deal if someone were to sift through your smartphone’s photo gallery or text message history, but what about your corporate email or work related files and apps stored upon your phone?

At the very least, users should lock their phone with the built-in passcode or pattern-lock features. Apparently not even the FBI can get past the security offered by the pattern-lock feature built into Android without a little help from Google.

If you wish to take it a step further, you should look into installing an app that offers GPS tracking along with remote locking and wiping features.

For businesses that partake in the BYOD (bring your own device) practice, it’s important that the organization develops and enforces a strong policy requiring employees to password-protect their phones and create a guideline on how to handle a situation where a device is lost or stolen.

And, of course, it couldn’t hurt to watch after your smartphone as if it were your child.

Photo Credit: philcampbell

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

How a Casual Web Browsing Session Can Lead to Malware Infections

So there I was, sitting at home with my computer reading news articles, skimming over the latest tweets from those I’m following on Twitter and checking out the blog of one of the reality stars on a television show I was watching.

I wasn’t downloading anything, visiting any “shady” sites or anything of the sort. I was just casually surfing the internet in my Monday evening downtime shortly before crashing for the night.

So you can imagine how surprised I was when an ESET alert popped up, notifying that it had discovered malware – identified as HTML/ScrInject.B.Gen (Microsoft detects it as JS/BlacoleRef.A) to be specific – on one of the sites I was browsing.

For those who are unaware, HTML/ScrInject.B.Gen is a Trojan that injects malicious iFrames into websites in order to conduct drive-by-downloads on unsuspecting users.

Whenever a user visits a website that’s been compromised, the hidden iFrame will load a third-party site that will attempt to exploit any system vulnerabilities in order to download and install malware onto the visiting machine.

Thankfully, I was running antivirus software and so the malware was caught, but my experience is a huge reminder how important it is for users to take the proper steps to protect their PCs.

Even though you may be browsing websites that SHOULD be safe to visit, the fact of the matter is websites get hacked all the time and a lot of the time site owners don’t even realize their site has been compromised until it’s pointed out to them.

By that time, it’s already too late.

How to Keep Your PC Safe While You Surf the Web

If you’re curious on how you can do your best to prevent your PC from being infected by whatever malware is roaming around, here are a few tips that may help:

• Keep your system’s operating system up-to-date. Many users don’t realize the importance of updating Windows whenever Microsoft issues patches for system vulnerabilities – and cybercriminals love taking advantage of this. Don’t leave yourself open for infection when it could easily be prevented.


• Make sure you install updates for installed software. While it’s important that you keep your OS current, it’s also critical that you don’t forget to patch whatever software that’s installed on your PC. So make sure your browser is up-to-date, along with Java, Adobe Flash, Adobe Reader and Adobe Acrobat as those are programs commonly exploited in drive-by-download attacks.


• Consider disabling Java browser plug-ins or uninstalling it altogether. Do you really need Java to be installed on your PC? If you don’t, then it may be best to just uninstall it completely from your computer. If you do need it – say for your bank’s website – then dedicate one browser to that task and disable the Java plug-in for your remaining browsers.


• Look into the best security plug-ins for your browser – and use them!  There are a number of plug-ins that will help you secure your browser and ultimately provide you with the best web experience possible. For instance, Firefox users enjoy NoScript since it allows you to control which scripts execute on a website, which is something that can come in handy if you happen to visit a site rigged with malicious JavaScript. Do a little research and figure out what’s recommended for your browser of choice.


• Always run antivirus software. You never know what’s going to be lurking on that next website you visit or hiding inside that file you downloaded, so always make sure you’re running antivirus software and keep the virus definitions up-to-date.


• Remain vigilant and use common sense. Make sure you know how to spot a malicious image link when you see one and if a link looks suspicious, don’t click on it. Only download files from trusted sources and scan all downloaded files.

Do you have any other tips? Feel free to share them below!

Happy Surfing!

Photo Credit: Bull3t

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

FedEx Spam Delivers Nasty Trojan

What’s this? Another FedEx email stating that a package was sent to me and in order to view additional information (including the tracking number) I must download the file attached to the email?

That sounds safe, right? …Wrong!

Despite malware-infested FedEx spam quickly becoming the oldest trick in the book, cybercriminals are still hell-bent on pumping it out and keeping their fingers crossed that maybe, just maybe, someone will fall for their trap and infect their computer with whatever malware they’re pushing.

It’s more than likely that someone somewhere WILL fall for these fraudulent emails – why else would spammers continue to send them? There’s a good chance that one of the recipients is actually waiting on a delivery via FedEx.

With that being said, if you see an email similar to this one arrive in your inbox, feel free to delete it without downloading the attached file:

Subject: Parcel notification 425207
From: FedEx Service (infob@fedex.com)

FedEx ®

Dear customer.

The parcel was sent your home address.
And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.

Copyright © FedEx 1995-2012

Attached to the email is a file named, “FedEx document.zip,“ which contains Trojan-Downloader.Win32.Anedl.g – which is a Trojan horse that is not to be trifled with.

Once Trojan-Downloader.Win32.Anedl.g infects your machine, it will download and install additional programs [/malware] and files onto your PC, inject malicious code into existing applications and system processes (making it difficult to remove) and modify numerous registry keys.

Therefore, if you receive a copy of this FedEx spam email, it’s recommended that you:

• Avoid downloading or opening any attached files.


• Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

American Express Spam Luring Users into Drive-by-Download Attack

The BBB is warning the public not to fall for an American Express phishing email that’s being spammed out by cybercrooks in order to drive traffic to drive-by-download sites.

The emails, titled “Thanks for Updating Your Email” have been carefully crafted to closely resemble legitimate emails and carry the American Express logo and color scheme.  All of the links inside the email – including those in the footer – point to a third-party website rigged with malicious code that will attempt to install malware on the user’s machine upon visit.

Here is one of the emails intercepted by the Better Business Bureau:

Thanks for updating your email address

Cardholder,

Thanks for updating your e-mail address with us.

We changed your e-mail address in our files to [EMAIL]. If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change, please CLICK HERE, or log in to online.americanexpress.com.

Thank you for your Cardmembership.

Sincerely,

American Express Customer Service

Contact Customer Service | View Our Privacy Statement  | Add Us to Your Address Book

Your Cardmember information is included in the upper-right corner to help you recognize this as a customer server e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindly ask you not to reply to this e-mail but instead contact us securely via the customer service link above.

Copyright 2012 American Express Company. All rights reserved.

If you receive this email, it is advised that you:

• Do not reply to the email and avoid clicking on any of the embedded links.


• Forward the email to spoof@americanexpress.com


• Delete the email.

As a side note, it is always best to type the URL of the website that you wish to visit directly into your browser address bar instead of clicking on the links provided within emails. This will minimize your chances of falling for a phishing scheme or malware trap.

Stay safe!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Hacker Allegedly Breaks into Anonymous Smartphones, Reminds Us of QR Code Safety

A hacker known as “The Jester” claims that he not only successfully broke into the smartphones belonging to Anonymous members and others unfortunate enough to be on his “hit list,” but that he’s copied whatever text messages, emails, address books and any other data he could get his hands on.

So far, the attack hasn’t been confirmed; however, it serves as a scary reminder for folks to pick the QR codes they scan with their phone wisely.

The Jester’s Mobile Attack

According to an entry posted on The Jester’s blog on March 9^th, the mobile attack was carried using a QR code – which he set as his Twitter profile picture @th3j35t3r – and a drive-by-download targeting both Android and iOS smartphones.

Whenever someone scanned the QR code, they were taken to a page with The Jester’s original Twitter profile picture with the word ‘BOO!’ beneath it. Of course, the real scary part was what was silently happening in the background – which in this case, was a known vulnerability in Safari, Chrome and the stock Android browser being exploited, allowing the phone to communicate with a remote server running Netcat.

A script would execute and retrieve the Twitter username linked to any major Twitter apps detected on the phone. If the username matched one belonging to someone on The Jester’s “hit list,” then a data pilfering script would collect all text messages, phonebooks, call history and emails stored on the phone.

The attack allegedly went on for 5 days and The Jester stated on his blog that over 1,200 people scanned the QR code and 500 of those “reverse shelled back to the listening server," including a “significant number” of those present on the hit list. Targets of The Jester include Islamic Extremists, Al Qaeda Supporters and those affiliated with the Anonymous movement.

The Jester states that NO data was taken from smartphones that accessed the page but did NOT have a targeted Twitter handle attached to it.

On Monday, The Jester posted a signed PGP encrypted file (143MB) on Mediafire.

Dangers of QR Codes

While the moral stance of this attack is still up for debate, it serves as a creepy reminder that users need to think before letting the curiosity of a QR code get the best of them and their phones.

The Jester’s attack may have been extremely resourceful – using Twitter handles to single out his targets – but it definitely wasn’t been the first mobile attack to start off with a QR Code scan and there’s a good chance it won’t be the last.

Beyond the previously suggested tips on how to protect your smartphone from malicious QR codes, users need to consider where the QR code is coming from before following it. Otherwise, you could end up at a pharmaceutical site, have malware planted on your device, or in this case, have a bunch of sensitive data lifted from your smartphone.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

"Bad Photo" Spam Now Using Malicious Links

Since the beginning of March, we have been monitoring a “bad photo” spam campaign attempting to infect user PCs with malware.

For the most part, the messages were fairly similar to one another – the subject line either asked if it was you in the photo or hinted that the photo was sent by an ex, the body of the email carried a dose of morbid humor and an attached zip file named “photo.zip” contained the Gamarue.B worm.

However, judging from the spam email we received this morning, it appears as though the bad guys behind this spam campaign have opted to begin using malicious links in lieu of file attachments:

Subject: You have to explain yourself, this is really serious
From: Abbie Abdur (AleeshaAbbassi[at]mail.com)

Sorry to disturb you [EMAIL],
Can you provide any sort of explanation for this?? Where did you get my pictures u sent me in this email? You know that I can sue you for that??? Your crap is in the there: hxxp://bj04.com/myimg/?IMG1575.jpg

(Warning: Do NOT visit the URL included above.)

Should a recipient click the link, they will be redirected to a malicious site housing the Blackhole Exploit Kit,  which will attempt to exploit two system vulnerabilities – one in Adobe Reader (CVE-2010-0188) and the other in Windows Help & Support Center (CVE-2010-1885) – both of which could open a backdoor on the target machine and grant an attacker remote access. All of this will happen silently in the background as the end-user is shown the following message: "Please wait page is loading..."

If you receive any “bad photo” spam message similar to the ones we’ve previously outlined, it’s strongly advised that you:

• Do NOT click any embedded links.


• Do NOT download or open any attached files.


• Delete the messages immediately

Additionally, it may also prove worthwhile to check out a previous blog post on how to spot a malicious image link. It could save you from clicking on a dangerous link posing as a harmless image link (like the one in the spam email) in the future.

Stay safe, everyone!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: HP Probook 4530s Notebook for $549, plus shipping!

This offer expired on 3/16/12. Contact us for our current special offers.

Stylish performance. Watch, present, video conference, and multitask on this durable, stylish notebook. This versatile and secure HP ProBook boasts a 15.6-inch diagonal HD monitor to make an impression in and out of the office.

For a limited time, you can order a brand new HP Probook 4530s Notebook from Hyphenet for only $549, plus taxes and shipping! Call Hyphenet at (619) 325-0990 to order yours today!

Specifications for the HP Probook 4530s Notebook

MFR#	A7K06UT
Display	15.6" LED Widescreen 1366 x 768 WXGA Display
Processor	Intel Core i3 2.3GHz
RAM	4 GB DDR3 SDRAM - 1333MHz
Hard Drive	500 GB (5400 RPM)
Optical Drive	DVD Super Multi Dual Layer Burner
Graphics Processor	Intel HD Graphics 3000
Webcam	Integrated Webcam
Networking	Gigabit Ethernet, WLAN : 802.11 a/b/g/n, Bluetooth 3.0
Operating System	Windows 7 Pro 64-bit
Warranty	Limited 1-year warranty.

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your HP Probook 4530s Notebook today!

Buy of the Week offer valid through March 16th, 2012.

* Shipping and taxes apply.

This offer expired on 3/16/12. Contact us for our current special offers.

Survey Scams Using Fake CAPTCHA to Spread on Facebook

Let’s say you click a link on Facebook, which takes you to a page asking you to fill in the text from a CAPTCHA image in order to “confirm your identity” before viewing the content.

Would you think twice before entering the image text?

Probably not, but...maybe you should.

After all, researchers over at BitDefender recently spotted a new survey scam that’s using a fake CAPTCHA in order to spread the fraudulent love.

Here is the spam message that is luring folks in and being posted on the new victim’s Facebook wall once they fall for the scam:

PHOTO! Girl accidentally sends dad SMS about her FIRST TIME!
[LINK]
This is the funniest thing ever!

How the CAPTCHA Survey Scam Works

Upon clicking the link, the user will be taken to what appears to be a spoofed YouTube page where they will be presented with a dialog window asking that they enter the text displayed in the CAPTCHA image. If you look closely, though, you will see that the word ‘Comment’ is behind the large ‘Submit’ lettering, serving as a hint that things aren’t what they seem.

Credit: BitDefender (MalwareCity)

Once the ‘Submit’ button is pressed, the victim will be presented with a variety of surveys to complete in order to "prove they are human" in order to gain access to the photo.

Meanwhile, the spam message has been posted to their Facebook wall in hopes of tricking all of their Facebook pals into falling for the same scam.

Cybercriminals often launch survey scams like these since they get paid a commission for each completed survey - although they've been known to use the collected information to commit identity fraud or sign the user up for expensive SMS subscription services.

With that said, don’t be blinded by curiosity when exploring links shared by your Facebook pals. If you’ve fallen for this scam, be sure to remove the spam message from your wall and enlighten anyone you see posting it on theirs.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Don’t Download ZIP Attached to ‘Photo from your Ex’ Spam

Did you get an email allegedly containing a photo from your ex? Don’t let curiosity get the best of you (or your PC) and download any files attached.

Spammers are determined to trick users into believing that some random person is forwarding them an unflattering picture shared by an ex in hopes of them downloading malicious files containing malware.

Since yesterday morning, we’ve received 3 emails tied to this spam campaign:

Email #1:

 From: ToniFanucchi (BrigitVittekamsew[at]mail.com)
Subject: Your ex sent me this pciture of you.

Hi [EMAIL],
Your ex sent me this (in attachment). She might be a b*tch all right, but I laughed hysterically. You should kill her now probably :).

Email #2:

From: SavannaLandon (PagetPellegrinny[at]mail.com)
Subject: “Your photo from your ex”
Hi [EMAIL],
I got this photo from your ex. You look really bad naked. See attach.

Email #3:

From: AleaseCanupp (LizaManselhw[at]mail.com)
Subject: “You should kill your ex after this photo”
Hi xtimehealsx@yahoo.com,
I have this picture of you from your ex. I know this is cruel but I laugh like mad when I saw it.

All three emails had an archive named “Photo.zip” attached, which contains the Gamarue.B worm that we’ve seen in similar spam messages.

As we’ve previously warned, once Gamarue.B makes its way onto your PC, it will modify registry keys to ensure it runs on Windows start up, connect to a remote server to download additional malware and copy itself to removable drives to spread its infection even further.

If you receive any emails claiming to contain a photo from your ex, it’s strongly recommended that you do NOT download any files attached to it and delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Secunia Issues Advisories for 2 Unpatched Safari Web Browser Vulnerabilities

On Friday, Danish vulnerability tracking firm Secunia published information related to two vulnerabilities within the Safari web browser following Apple’s reluctance to provide an estimate timeframe on when they plan to issue a patch.

Secunia disclosed the “moderately critical” plug-in unloading vulnerability, which could lead to an attacker gaining remote control of the system, to Apple six months ago. The less critical address bar spoofing vulnerability was reported to Apple over eight and half months ago.

In both cases, Apple failed provided a targeted patch release date despite Secunia’s multiple attempts to get a status update that included one. Three and a half months after the bugs were reported, Apple stated that the vulnerabilities had been confirmed and are being investigated. No further details were provided and ultimately Apple stated it was against their policy to comment on fix dates.

Vendors are given a 6-month semi-hard deadline to fix vulnerabilities that are reported via Secunia Vulnerability Coordination Reward Program (SVCRP), which offers a way for researchers to have their bug findings confirmed and reported to vendors.

The vulnerabilities have been confirmed in versions 5.0.5 (7533.21.1) and 5.1.2 (7534.52.7), but other versions may be affected.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

AntiSec Keeps Busy, Defaces New York Ironworks Website

The AntiSec Crew has struck again.

This time they defaced the website of New York Ironworks, a police equipment retailer that’s based in New York.

The attack comes only a day after AntiSec defaced multiple websites belonging to Spanish antivirus software company, Panda Security. In that attack, dozens of websites owned by Panda Security were hacked due to the company's alleged cooperation with authorities that lead to the arrest of numerous Anonymous hackers - along with blog posts praising the apprehension of high-ranking LulzSec members.

Just like the attack on Panda Security, the New York Ironworks site content was replaced with a YouTube video (“Fight Club Ending HD Version”), a message that both honored hackers that got busted and taunted law enforcement, and a laundry list of email addresses and login credentials that were lifted from the Ironworks’ database.

As of right now (3/9/12 at 9:30AM PST), the New York Ironworks website appears to be offline.

We’ll keep an eye out and update this post if anything changes.

Update 3/19/12: The New York Ironworks website is still down.

Update 4/4/12: A maintenance page has been thrown up: "New York Ironworks is currently undergoing scheduled maintenance. The site should be available shortly. Thank you for your patience."

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Mass Injection Attack Targets WordPress, ExpressionEngine & Joomla Sites

Over 30,000 unique websites have been hit by a mass injection attack that aims to spread fake antivirus software, warn Websense security researchers.

Majority of the sites that have been compromised are running on the popular WordPress blogging platform; however, after a little digging we found that ExpressionEngine and Joomla sites are also being targeted.

According to Websense, the following malicious code is being injected at the bottom of pages, right before the closing body tag (minus the spaces):

< sc ript src=”hxxp://ionis90landsi.rr.nu/mm.php ?d=1 “>
</body>
</html>

Once a user attempts to visit a website that’s been compromised, their browser is redirected multiple times before ultimately landing on a fake antivirus software webpage resembling a Windows Explorer window that pretends to scan the visitor’s computer and detect multiple malware infections.

“The fake antivirus then prompts visitors to download and run their ‘antivirus tool’ to remove the supposedly found Trojans,” Websense explained in a blog post, “The executable is itself the Trojan.”

The initial link that’s being injected into websites is an “.rr.nu” domain and the landing page is a “.de.lv” domain; however, the landing page keeps changing.

Website owners are advised to do their best to protect their sites by using strong FTP credentials and researching known vulnerabilities within their selected CMS and related plug-ins and/or extensions.

You can check if your website has been compromised by using online scanners like Sucuri’s SiteCheck Scanner.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

AntiSec Hacks Panda Security Sites for Praising LulzSec Arrests

While law enforcement may have been toasting to the arrests of six Anonymous hackers belonging to the LulzSec team on Tuesday, another group of Anonymous affiliated hackers were on the prowl for their next target.

Who did they pick? None other than the Spain-based antivirus firm, Panda Security.

According to a message posted on Pastebin, Anonymous hackers affiliated with the AntiSec group defaced over two dozen Panda Security domains on Wednesday, replacing their content with a YouTube video that highlighted past LulzSec activity, along with what appeared to be a collection of login credentials and email addresses of over a hundred Panda employees.



It seems that Panda Security was targeted because of their (alleged) cooperation with law enforcement in identifying LulzSec members and for a (now inaccessible) blog entry  posted by PandaLabs technical director, Luis Corron, which praised the LulzSec arrests.

Panda Security took to Twitter and Facebook accounts to address the public, saying that the AntiSec group only hit “marketing and blog” sites that were hosted externally and did not breach their internal network. No source code or customer data was accessed.

As for the logins that were posted? Panda Security states they were old or invalid.

Here is the official statement taken from the Panda Security Facebook page:

On March 6th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network. This server was used only for marketing campaigns and to host some of the company’s blogs. Neither the main website www.pandasecurity.com  nor www.cloudantivirus.com  were affected in the attack. The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed. The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years.

We continue investigating the cause of the intrusion and will provide more details as soon as they become available. Meanwhile we assure all our customers and partners that none of their information has been compromised and that our products and services continue functioning as normal.

At the time of this writing, all of the sites that were hit by AntiSec still appear to be offline while Panda investigates what happened.

Let’s hope that they don’t discover that their internal network was infact breached and the hackers did plant a backdoor in their software, as they claim in their message left during the attack. Only time will tell.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.