Tuesday, July 31, 2012

Malware Requests That You Donate to Charity (So it Can Steal Your CC Info)

It seems the Citadel Trojan has learned a new way to trick victims into exposing their credit card information: by asking them to donate to a children’s charity.

According to Trusteer researchers, this new Citadel malware variant uses HTML injection to present the option to “make a donation” once a user logs into their Facebook account on an infected machine.

Instead of giving the same stale sales pitch for every language, the malware switches up the charity fund depending on the user’s country & language settings, focusing on English, Italian, Spanish, German, & Dutch.

English Citadel Malware Attack: Donate to Benefit Kids in Haiti

In the English version of the attack, upon logging into their Facebook account, users are presented with a dialog box asking that they help “serve the poorest child in Haiti” by making a donation:

Citadel Malware English Attack: Donate to Kids in Haiti

You can save a life with only $1. When you give to HPC, 99% of every dollar “cash plush gifts-in-kind” goes directly to programs that serve the poorest child in Haiti. We work currently with two orphanages and elementary school, we are seeking donations. Please donate and help us spread the word to your friends, families, etc. Click to donate to make a difference! All you give, they’ll be much appreciated. We appreciate your interest and hope that you will open your hearts and donate to better the lives and futures of those in need. If you have any questions before you donate please do not hesitate to contact us. We treat personal information with the utmost respect for your privacy. Click the button above. Thank you.

Clicking the ‘Continue’ button will bring up a second page with all of the necessary fields to hand your credit card information over to the scammers.

Citadel Malware Wants Your Credit Card Information

Unfortunately for anyone that falls for this scam, it’s highly unlikely that the scammers will actually use any of the money they steal from you to make a donation to a charity.

Trusteer researchers did not say how they came across this specific build of Citadel malware, but previous versions of Citadel have been spread via drive-by-downloads.

To minimize their chances of having their system infected, users are advised to keep their operating system and third-party software up-to-date, run antivirus software (keep those virus definitions current!) and remain vigilant when browsing the web or checking email.

Check Trusteer’s blog for additional information on the Italian, German, Dutch and Spanish versions of this attack.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+

Friday, July 27, 2012

Buy of the Week: Dell OptiPlex 390 (DT) for $597!

This offer expired on 8/3/12. Please check top banner ad for our current deal!

Bring easy-to-implement security, manageability and services to your organization with the Dell OptiPlex 390. This affordable desktop solution comes ready to work, providing your office with essential standard office productivity.

Until August 3rd, 2012, you can order a new Dell OptiPlex 390 (DT) from Hyphenet for only $597, plus shipping!

Specifications for Dell OptiPlex 390 (DT)

Device Type: Personal desktop computer
Processor: Intel Core i3 2120 3.3 GHz (Dual-Core)
Hard Drive: 500 GB (7200 RPM)
Optical Storage: DVD±RW
Graphics Controller: AMD Radeon HD 6350
Audio: Sound card
Fast Ethernet, Gigabit Ethernet
Operating System: Windows 7 Pro (64-bit)
Keyboard/Mouse: Dell USB Keyboard, Dell Optical Mouse
Warranty: 3 Year Dell Warranty (on-site)

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your Dell OptiPlex 390 today!

Buy of the Week offer valid through August 3rd, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Thursday, July 26, 2012

More Information on OSX/Crisis Trojan Released: What Can It DO?

More details about the newly-discovered Crisis Trojan targeting Apple users have emerged, and let me just say: OSX/Crisis (aka OSX/Morcut) is jam-packed with some extra creepy functionality.


After OSX/Crisis has been successfully installed on a machine, it will inject itself into a number of programs to spy on the infected user’s activity.  These applications include popular ones like:

  • Skype

  • MSN Messenger

  • Adium

  • Firefox

In addition to tracking all activity within the programs listed above, OSX/Crisis allows an attacker to monitor and/or control the following operations:

  • Mouse position

  • Location

  • Internal Webcam & Microphone

  • Clipboard Contents

  • Key strokes

  • Running applications

  • Web addresses

  • Screenshots

  • Calendar Data & Alerts

  • Device Information

  • Address Book Contact Information

As you can tell, with OSX/Crisis on your system, you will have no sense of privacy. Everything you do is subject to being recorded – including any audio conversations held via Skype – and all of the data collected by OSX/Crisis will be sent to a remote server controlled by the attackers.

On a side note, Intego Security researchers found sections of the Crisis Trojan’s code suggesting that it was a part of a commercial malware tool called “Remote Control System” (or RCS) that’s geared towards government surveillance and mainly sold in the US and Europe.

RCS, which was created by a company called HackingTeam, usually carries a hefty price tag of €200,000 ($245,664), leading Intego to believe that it’s likely only being used in targeted attacks.

Dr. Web’s write-up of OSX/Crisis, which they identify as BackDoor.DaVinci.1, appears to draw the same conclusion.

Known Aliases

Although this new Trojan is often referred to as the “Crisis” Trojan, it does have other names:

  • OSX/Morcut (Sophos)

  • BackDoor.DaVinci.1 (Dr. Web)

  • Backdoor:MacOS_X/Flosax.A (Microsoft)

Graham Cluley of Sophos stated that the “Crisis” name is a result of the name appearing within the malware’s code. Instead of adopting the suggested name, Sophos opted to name the Trojan OSX/Morcut.

Dr. Web’s name seems to be derived from the name of the man who started HackingTeam, David Vincenzetti.

Microsoft stated on Facebook that they detect this threat as MacOS_X/Flosax.A.

Detecting & Removing OSX/Crisis

It’s important to note that OSX/Crisis has still NOT been spotted in-the-wild, so the risk of being infected is relatively low. However, Intego, Sophos and Dr. Web all offer antivirus solutions that are capable of detecting and removing OSX/Crisis should the day come when it is actively being spread.

For more information on OSX/Crisis, including what versions of OS X it runs on, check out my previous post.

[via Intego][via Sophos][via Dr. Web]

Note: This article was updated on 7/30/12 to add Microsoft's alias for OSX/Crisis.


Accidentally Minimize the Ribbon in Microsoft Office? Here’s How to Restore It

I’m not exactly sure how I managed to do it, but at some point the preference to ‘Minimize the Ribbon’ in Microsoft Office 2010 became enabled.

Having the Ribbon jump to-and-from view whenever I moved my mouse to the top of the Office window was driving me downright crazy, so I had to change the setting back.

Should this happen to you, here’s how you can get the Ribbon to remain visible without having to hover near the top of your Office 2010 window:

Method 1:

  1. Press Ctrl + F1

Method 2:

  1. Hover your mouse at the top of Office to trigger the Ribbon to show and right-click.

  2. Click on the ‘Minimize the Ribbon’ option.

There you have it, folks. Enjoy a visible Ribbon once more!


Wednesday, July 25, 2012

Malware-Laced Traffic Ticket Spam Coming to an Email Inbox Near You

Don’t be fooled by any spam emails claiming that you’ve been busted for speeding.

Cybercriminals are giving traffic ticket spam another go, which means you will have the option to click on a malicious link or download an attached file laced with malware. It all depends on which spam message you get.

Regardless of the delivery method, the goal is still the same: infect as many computers as possible.

Below are examples of the traffic ticket themed emails currently making rounds, courtesy of computer security firms Webroot and Sophos.

NYC Traffic Ticket Spam Makes a Comeback

First up, the sample traffic ticket intercepted by Sophos:
Subject: NYC Traffic Ticket N(ID:  XXXXXXXXXXX)

New York State * Department of Motor Vehicles


Local Police Code


Time: 7:18 AM
Date of Offense: 9/12/2011

NYS V AND T LAW Description of Violation:

If the email seems familiar, it’s because it’s almost identical to the New York Traffic Ticket spam I wrote about in October 2011. The only real difference here is that the payload is delivered through a malicious link pointing to a site housing the Blackhole exploit kit versus a file attachment.

Upon visit, the exploit pack will attempt to exploit vulnerabilities within Adobe Flash or PDF to install malware on the target’s machine.  Sophos detects the threats associated with this attack as Troj/SWFExp-AI and Troj/PDFEx-GD.

Speeding Violation Spam Claims to Have Video Evidence

The traffic ticket spam email provided by Webroot was new to me. Instead of simply saying you had a ticket, it claimed to have video evidence that you had broken the law! Clever move, spammers.
Traffic police violation center.

Hello, your vehicle has been identified on Friar's Way as violating the red light traffic signal on [RANDOM DATE]. Please find the camera recording of your vehicle attached to this notification.

You can comply with this Violation notification as follows: Pay the sanction and surcharge, indicate you are not the driver, or contest responsibility.

Sun, 15 Jul 2012 15:04:04 +0400

Now, I’m sure most of us would want to see this alleged “proof,” but hold on just a second... did you see the name of the attached file (click to see the VirusTotal report, the file name is at the top)? It’s clearly not a police video.

Nope, it’s just the Gamarue.I worm, which is often the malware of choice attached to spam – just check a few other posts on our blog.

Don’t fall for any of these spam tricks, folks. If you really were busted for a traffic violation, any follow-up correspondence is likely to arrive via good ol’ snail mail. Think about it: when exactly did you disclose your email address to the authorities?

It’d still be a good idea to keep your OS up-to-date and run antivirus just in case you have a brief lapse in judgment. ;)

Photo Credit: amandabhslater


New “Crisis” (or Morcut) Trojan Found Targeting OS X 10.6 & 10.7

Mac users, be on your guard.

Security researchers at both Intego and Sophos are warning users about a new backdoor Trojan named OSX/Crisis (aka OSX/Morcut-A to Sophos users).

The Targets

OSX/Crisis is said to install silently, without the need of a password, and only works on computers running OS X 10.6 (Snow Leopard) and 10.7 (Lion).

It doesn't run on the newly-released 10.8 (Mountain Lion), and has the tendency to crash on 10.5 (Leopard).

Infection Method

Good news is that the Crisis Trojan has not been spotted “in-the-wild.”

Intego stated that they came across samples of the malware on VirusTotal (a site that is used to scan suspicious files and URLs, and share malware samples between security companies), and there was no mention of origin on the sample that Sophos got ahold of.

Sophos' malware sample came packaged in a file deceptively named “AdobeFlashPlayer.jar” that contained a .class file named WebEnhancer along with "two unassuming-looking files named win and mac."

Given the archive name, one wouldn’t really think anything of these files; however, the “mac” file is actually the installer for OSX/Crisis Trojan while “win” serves as an installer for Windows malware identified as Mal/Swizzor-D. No need to leave Windows out of the fun, right?

Had this file been used in an actual attack, the user would get SOME kind of notification since the WebEnhancer applet triggers a digital signature alert warning stating that the applet is from an untrusted publisher.

WebEnhancer Warning

Screenshot Credit: Sophos

Should that screen be ignored and the applet allowed to run, the malware will be installed without any further warnings to the user.

This is only one example of how OSX/Crisis can be delivered, though. Other methods may not cause alerts that throw red flags to the user.

Installation Process

While it’s true that OSX/Crisis doesn’t require a password to install, the user account permissions play a slight role in the Trojan’s installation process.

If OSX/Crisis runs on a user account with Admin permissions, it will drop a rootkit to hide itself and create 17 files. A user account without Admin privileges will result in 14 files being created.

Although the majority of the files created are randomly named, they tend to fall under the following folders, which are also created by OSX/Crisis:

  • /Library/ScriptingAdditions/appleHID/

  • /System/Library/Frameworks/Foundation.framework/XPCServices/

Note: The “XPCServices” folder is only created if the user account has Admin permissions; the “appleHID” folder is created with or without Admin permissions.

After OSX/Crisis has been successfully installed, it will remain active – even if the system is restarted – and check-in with a remote server (IP address every 5 minutes.

OSX/Crisis is said to be created in a way that makes reverse-engineering more difficult and uses low-level system calls to hide its activities. These techniques are common in Windows malware, but not OS X malware.

Protecting Your Mac

Now that you’re aware of the threat, what can you do to protect your Mac?

  • Keep your OS up-to-date to make sure there aren’t any vulnerabilities that an attacker may exploit to plant OSX/Crisis on your system.

  • Consider disabling Java plug-ins on your browser or removing Java altogether. Cybercriminals love exploiting Java vulnerabilities to spread malware, and researchers warn that Java-based attacks are on the rise.

  • Always run antivirus software on your Mac. Most antivirus vendors offer security products for both Windows and Mac. Sophos even offers a free Mac antivirus solution, so you really have no excuse. ;) Both Sophos and Intego's antivirus apps detect and remove OSX/Crisis.

  • Be careful what files you download. That means no downloading files attached to emails from unknown or untrusted sources.


Tuesday, July 24, 2012

Researchers Find More Android Malware: Some Send Expensive SMS, Others Steal Data

I’ve said it before and I’ll say it again: If you plan on downloading apps on your Android device, make sure that you’re getting the apps from a trusted Android market like the official Google Play store or Amazon Appstore for Android.

Don’t download apps from random third-party sites, and don’t complete the installation process for apps that present two different permission screens.

Failure to heed such warnings can easily result in your beloved smartphone being infected with Trojan apps that either steal your data or rack up expensive cellphone bills by firing off SMS messages to a premium-rate number.

Android Malware Wants Your Contacts

An example of Android malware that steals data would be Android.Ackposts, which was recently discovered by Symantec researchers.

Android.Ackposts tends to find its way onto the smartphone of unsuspecting Android users by posing as a battery-saving app.

Only two permissions are requested during installation (on a single screen): full internet access and the ability to read contact data, which is all it really needs since its entire purpose is to harvest email addresses for spammers and upload the data to a remote server.

The fact that the Android.Ackposts targets contact information makes a little more sense once you realize that the app is being advertised via Japanese spam messages.

New OpFake Variant is... Less Fake, Actually Installs Opera Mini Browser

As far as SMS-sending Trojans go, OpFake is maintaining relevance thanks to a new variant that comes bundled with the mobile web browser it poses as instead of merely carrying the name and nothing more.

GFI Lab researchers found this new version of OpFake (detected as Trojan.AndroidOS.Generic.A) lurking on a fake Opera Mini support website. The Trojan is delivered in a package (ironically) named “com.surprise.me,” which contains a file named “opera_mini_65.apk.”

Users are presented with two permission screens during the installation process, which should throw a huge red flag that something’s amiss. Unfortunately, the first screen applies to the actual malware itself, so it’s critical that users actually pay attention to the permissions being requested whenever they install an app. Once you agree to the first set, you will be shown the permissions for the legitimate Opera Mini app.

Btw, I can’t think of any reason why a browser would need SMS permissions.

Permissions Screens for New OpFake Variant

 OpFake permission screens credit: GFI Labs 

After everything is said and done, the user can use the actual Opera Mini browser. However, the malware will also be using its approved permission set to send an SMS message to a premium-rate number, connect to a remote server, and read stored information including:

  • Country location

  • Operator name

  • OS version

  • Phone type

  • Device ID (IMEI)

Keeping Your Android Device Safe

Despite the threats roaming about, it’s relatively easy to keep your Android device malware-free.

  • Only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android.

  • Always check the number of downloads, app rating and user reviews. If an app has a poor rating or a laundry list of poor reviews, it’s likely in your best interest to take a pass on downloading it.

  • Carefully review permissions before downloading and/or installing. If you feel that the app is requesting permissions that it shouldn’t be, don’t install it.

  • Watch for multiple ‘Permissions to Install’ screens. The first screen typically applies to the malware itself, so it’s important that you scrutinize app permissions. That second screen should serve as more of a “heads-up” that you may have just fallen into a malware trap.
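
The permission checks described in this post can also be run mechanically before an app is ever installed. The Python below is an added example, not code from Symantec, GFI Labs or this blog; it assumes the app's manifest has already been decoded to text XML, and the rule table, category labels, sample package name com.example.batterysaver and the assets/ path are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# (permissions that must all be present, app categories where that is
#  expected, why it matters). The category exemptions are an assumption.
RULES = [
    ({"SEND_SMS"}, {"messaging"},
     "can send SMS, including to premium-rate numbers"),
    ({"READ_CONTACTS", "INTERNET"}, {"messaging", "social"},
     "can read contacts and upload them"),
    ({"READ_PHONE_STATE", "INTERNET"}, {"telephony"},
     "can read device ID and operator and upload them"),
]


def requested_permissions(manifest_xml):
    """Short names of the android.permission.* entries a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "")
             for el in root.iter("uses-permission"))
    return {n[len(PREFIX):] for n in names if n.startswith(PREFIX)}


def permission_findings(manifest_xml, category):
    """Reasons this permission set is unexpected for the stated app category."""
    perms = requested_permissions(manifest_xml)
    return [why for need, expected_in, why in RULES
            if need <= perms and category not in expected_in]


def embedded_packages(apk_bytes):
    """Names of .apk files carried inside a package.

    An APK is a zip archive; a bundled second APK is what produces the
    second permission screen during installation.
    """
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as archive:
        return sorted(n for n in archive.namelist()
                      if n.lower().endswith(".apk"))


def manifest(package, perms):
    """Build a constructed, already-decoded manifest for the samples below."""
    uses = "".join(
        f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android='
            '"http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')


def make_package(entry_names):
    """Build a constructed zip archive with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in entry_names:
            archive.writestr(name, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    # Battery saver asking for internet + contacts, as described for Ackposts.
    battery = manifest("com.example.batterysaver",
                       ["INTERNET", "READ_CONTACTS"])
    print(permission_findings(battery, "utility"))

    # "Browser" wrapper that can send SMS and read phone state, as described
    # for the OpFake variant; it carries the real browser as a second APK.
    wrapper = manifest("com.surprise.me",
                       ["INTERNET", "SEND_SMS", "READ_PHONE_STATE"])
    print(permission_findings(wrapper, "browser"))
    print(embedded_packages(
        make_package(["classes.dex", "assets/opera_mini_65.apk"])))
```
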

Have you discovered any malware on your Android device?


Monday, July 23, 2012

Booking.com Spam Wants to Confirm a Spot for Malware on Your PC

Did you receive a confirmation email for a hotel reservation that you don’t recall making?

Don’t worry, it doesn’t mean there’s someone parading around booking hotel reservations in your name. There is a good chance that the email is seeking to infect your PC with malware, though.

The email poses as a confirmation email from Booking.com, a hotel reservation booking website owned and operated by Priceline.com:
Subject: Hotel Reservation Confirmation
Date: Thu, 12 Jul 2012 17:51:47 +0800

We have received a reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details:

Arrival: Tuesday, 31 July ‘12
Number of rooms: 1

Customer Service Team
Booking.com http://www.booking.com

Your reference ID is: [random string]

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases room offer free cancellation. Booking.com guarantees rates in both cities and regional destinations – ranging from small family hotels to luxury hotels.

Attached to the email is a file named Hotel-Reservation-Confirmation_from_Booking.exe, which is actually a nasty piece of malware that Sophos detects as Mal/Katusha-F.

Should Mal/Katusha-F make its way onto your PC, it will create/modify system registry keys and open a backdoor, granting an attacker remote access to the machine to do whatever they please (steal data, download additional malware, etc).

If you happen to receive one of these emails, you're advised to:

  • Avoid downloading any attached files.

  • Delete the email immediately.

[via Webroot]


Friday, July 20, 2012

Buy of the Week: 23" LG LED Monitor IPS231B-BN for $211!

This offer expired on 7/27/12. Please check top banner ad for our current deal.

With the IPS231B-BN, LG combines the wide viewing capabilities of In Plane Switching (IPS) technology with the superior picture quality of LED backlighting. The result is an advanced display that produces precise and vivid colors with spot on detail even from different viewing angles.

Full HD is taken to new heights with exceptional contrast ratios and brightness levels that bring out subtle color differences as well as the deepest and the most difficult shades of black.

The IPS231B-BN also seeks to be an environmentally friendlier product earning the highest EPEAT (Electronic Product Environmental Assessment Tool) Gold rating. Consuming less power than our typical LCD models, LED technology also limits the amount of halogen or mercury used to manufacture each unit. It also comes with a tilt, swivel, pivot, and height-adjustable stand for optimal viewing.

Until July 27th, 2012, you can order a new 23" LG LED Monitor IPS231B-BN from Hyphenet for only $211, plus shipping!

Specifications for 23" LG LED Monitor IPS231B-BN

Device Type: 23" LED-backlit LCD monitor
Built-in Devices: Stereo speakers
Panel Type: IPS
Aspect Ratio: Widescreen - 16:9
Native Resolution: FullHD 1920 x 1080
Pixel Pitch: 0.265 mm
Brightness: 250 cd/m2
Contrast Ratio: 5000000:1 (dynamic)
Response Time: 5 ms
Color Support: 16.7 million colors
Input Connectors: DVI-D, VGA
Warranty: 3 Year LG Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your 23" LG LED Monitor IPS231B-BN today!

Buy of the Week offer valid through July 27th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.


Thursday, July 19, 2012

What the Android.Dropdialer Trojan Taught Us: Check Permissions & Install Process

If we learned anything from the malicious apps that were most recently pulled from Google Play, it’s that we should not only pay close attention to an app’s permissions, but the installation process as well.

Last week, Symantec researchers discovered two malicious apps in the Google Play store titled “Super Mario Bros” and “GTA 3 Moscow City.” Both apps managed to remain available for over two weeks and were downloaded 50,000 – 100,000 times.

But how did this malware, which Symantec identified as Android.Dropdialer, slip past Google’s app-scanning Bouncer?

Instead of pushing one payload that contains all of the malicious code, the author of the apps broke the payload into separate modules that could be delivered independently. This allowed the Trojan apps to get the OK during the QA screening process since the offending piece of the app hadn’t been downloaded just yet.

How it Works

When users downloaded the Android.Dropdialer Trojan app, they would view and accept an initial set of app permissions that seem safe, and the app would download and be installed. That’s when the real fun began.

Android Dropdialer Installation Process

After being successfully installed, an additional package named ‘Activator.apk’ would be downloaded from Dropbox.

The user would be prompted again to accept the permissions of the new app, one of which is to use services that cost you money. That’s no real surprise since the entire attack revolves around sending SMS messages to a premium-rate number.

Once the SMS message has been fired off, the Trojan will prompt the user to uninstall the secondary SMS-sending payload in an attempt to hide its true intentions.

So, the next time you download an app, make sure you keep an eye out for any suspicious permissions or screens that may attempt to trick you into downloading additional files.


Monday, July 16, 2012

LinkedIn Spam Asks to Share Your Contacts, Links to Rx Sites

Is someone from LinkedIn really interested in posting your contact information on their website?

It’s quite an odd request, and I’m not sure if I’d be all that comfortable with some random person placing my contact information on their website.  I do appreciate the fact that I was asked for permission first, though.

Either way, I won’t have to worry all that much – and neither will you – as it’s not a legitimate request, but one meant to pique your interest just enough for you to click without thinking to look at the destination URL first.

How else would spammers get you to visit their pharmacy sites?

With that said, if you receive an email like the one below, don’t click on any links.

LinkedIn 'Can I share your contacts?' Spam

From: Sharon Bennett via LinkedIn (member@linkedin.com)
Subject: Can I place your contacts on my site?


Sharon Bennett has sent you a message.

Date: 07/15/2012

Subject: Can i place your contacts on my site?

Can i place your contacts on my site?

View/reply to this message

Don't want to receive e-mail notifications? Adjust your message settings.

© 2012, LinkedIn Corporation

If you do, you will be directed to a Canadian Rx website, not LinkedIn. Big surprise, right?

What to do with LinkedIn Spam

  • Avoid clicking on any links or downloading any attached files.

  • Report the email via SpamCop or LinkedIn (via abuse@linkedin.com).

  • Delete the email immediately.

Have you received any LinkedIn spam emails lately?


Friday, July 13, 2012

Buy of the Week: Lexmark X364dn Multifunction Printer for $539!

This offer expired on 7/20/12. Please check top banner ad for our current deal.

A complete multifunction office solution, the Lexmark X364dn MFP gives you rapid output speeds up to 35 ppm, as well as high-resolution duplex scanning and high-speed faxing.

Best of all, it can help you save costs and enhance productivity thanks to a wide range of efficiency-boosting features, such as a 50-sheet automatic document feeder, a front-side port for direct USB printing, and the ability to scan documents straight to email.

Until July 20th, 2012, you can order a new Lexmark X364dn Multifunction Printer from Hyphenet for only $539, plus shipping!

Specifications for Lexmark X364dn Multifunction Printer

Device Type: Fax / Copier / Printer / Scanner
Copier Type: Digital
Fax Type: Super G3 - plain paper
Printing Technology: Laser (monochrome)
Monthly Duty Cycle: 80,000 pages (max)
Copy Speed: Up to 35 ppm
Print Speed: Up to 35 ppm
Max Print Res: Up to 1200 x 1200 dpi
Max Fax Transmission Speed: 33.6 Kbps
Automatic Duplexer: Yes (copy & print)
PC Connection: Hi-Speed USB, Ethernet 10 Base-T/100 Base-TX, USB host
Warranty: 3 Year HP Limited Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your Lexmark X364dn Multifunction Printer today!

Buy of the Week offer valid through July 20th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.


Phishing Email Wants Your Chase.com Username and Password

Did you get an email from Chase stating that they’ve locked your account due to suspicious failed login attempts and in order to “re-activate your online banking access” you will need to click their handy-dandy link & login to your account?

Don’t click any links, and definitely do NOT provide your Chase username and password.

Despite what the clean layout, Chase logo and bogus logins with IP addresses that match their location information may lead you to believe, that email did NOT come from Chase, but a cybercriminal looking for a quick buck.

Chase Phishing Email

From: Chase Online (smrfs@chaseonline.com)
Subject: Verification of Recent Activities Required


URGENT: Verification of Recent Activities Required

Your Chase Bank Account

Dear Customer:

As part of our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity. We need to confirm that you or someone authorized to use your account made the following sign in error attempt on your Chase Bank account:

1) Sign in Error Attempt was noticed and registered at Chantilly, Virginia United State on or around 2012-07-11 at 05:01AM.

2) Sign in Error Attempt was noticed and registered at Commack, New York United State on or around 2012-07-11 at 8:30PM.

3) Sign in Error Attempt was noticed and registered at Delray Beach, Florida United State on or around 2012-07-11 at 8:20PM.

4) Sign in Error Attempt was noticed and registered at, Egg Harbor Township, New Jersey, United States on or around 2012-07-11 at 6:39AM.

Please click on the link below to sign in correctly to re-activate your online banking access:


Your satisfaction is important to us, and we appreciate your prompt attention to this matter. If you already had the opportunity to discuss this matter with us, please disregard this message.

Thank you for being our customer.


Christopher J. Palumbo
Senior Vice President
Chase Fraud Prevention

E-mail Security Information
E-mail intended for: Addressed Chase Bank Customer.

If you are concerned about the authenticity of this message, please   click here   or call the phone number on the back of your debit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here.

Note:   If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing   www.chase.com   directly into your browser.

JPMorgan Chase Bank, N.A.

Update 7/18/12: Here's another phishing email I received today:

From: marble1961@aol.com
Subject: Irregular Activity Detected In Your Chase Account

Chase logo
You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of
your JP Morgan Online® Banking Account registration information :

To get started, please click the link below:


JP Morgan® Banking Department

Upon clicking the link, victims of this scam will be redirected to a third-party website dressed up to look like Chase.com – complete with a login form and all. (You can safely check out the page on phishtank.)

Naturally, any usernames and passwords submitted on the page will be sent off to the miscreants that set up this scam. I’ll leave it up to you to imagine what they might do with that information (sell it or use it).

What to Do If You Receive Chase Phishing Emails

Should a phisher cast their line into your email inbox, we recommend that you:

  • Do NOT click on any links within the email.

  • Do NOT provide your Chase.com username and password – let alone any other personal or financial information.

  • Report the email to Chase by forwarding it to abuse@chase.com.

  • Delete the email immediately.

As a side note, it's always a good idea to type the URL of the website you wish to visit directly into your browser's address bar (or use your browser bookmark) instead of clicking on email links. Doing so will help you easily side-step phishing attempts like this one.

If you know anyone that banks with Chase, be sure to give them a heads-up about this scam so they don’t fall for it.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Thursday, July 12, 2012

RE/MAX Phishing Emails Want to Steal Your Email Login


Users should be aware of an ongoing phishing email campaign that’s exploiting the RE/MAX brand name in an attempt to steal email login credentials.

According to BarracudaLabs, the attack begins with the user receiving an email inviting them to visit an alleged RE/MAX agent website in order to view properties that are currently listed for sale.

There are multiple email variants going around – all of which are written in very poor English – and they sometimes appear to come from “remax.com” or “remax.net” email addresses.

Subject: Remax Alert Notification

We invite you to check out our available properties. They are affordable,at good locations and we have properties all around the world, You can also buy on mortgage. We also offer buying, Selling,Lease and renting of properties to suite your needs all can be acquired on mortgage.

Please click on the option below to access our available properties.

Click here to continue

Thank you!

Subject: You have 1 new important message

Check out the latest and available properties, CLICK HERE.for immediate access.
Please sign on with your email.


Subject: Real Estate Investment

We invite you to check out our available properties. They are affordable,at good locations and we have properties all around the world, You can also buy on mortgage. We also offer buying, Selling,Lease and renting of properties to suite your needs all can be acquired on mortgage.
To access our available properties please login with your Email and Password by clicking the link below.

Attention: These available properties are only for a limited time, so do not delay – this offer will not last forever.

Click here to continue...

© Each Office Independently Owned and Operated.
RE/MAX, LLC ? is an Equal Opportunity Employer and supports the Fair Housing Act.
? 2012 RE/MAX, LLC. All Rights Reserved.

Subject: New Properties Listed


Check out our latest and available properties, CLICK HERE, and log in with your email. Remax Estate. 30% Discount!

Real Estate
Adams Williams Realtor’s.

Additional subject lines used include:

  • RE: Check New Properties Around You

  • RE: check out this remax listings in your area

  • RE: Hot Property Alert!

Each link within the email will direct users to a compromised website that instructs them to select their email provider before presenting them with a dialog to enter their email account login and password. To no surprise, BarracudaLabs researchers warn that any login details provided by the user will immediately be sent off to the cybercrooks.

RE/MAX is aware of this scam and they have posted a warning on their website.

What to Do with RE/MAX Phishing Emails

If you happen to receive one of these phishing emails, it is advised that you:

  • Do NOT click on any links embedded in the email.

  • Do NOT provide your email address and/or password.

  • Report any suspicious e-mails that use the RE/MAX name or logo to abuse@remax.net.

  • Delete the email.
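
Both the Chase and RE/MAX emails above invoke a brand while the sender address or the links belong to someone else. The Python sketch below is an added example (not code from the original post) that flags that mismatch; the brand-to-domain table, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keyword -> domains the brand mails and links from (as named on this page).
BRAND_DOMAINS = {"chase": {"chase.com"}, "remax": {"remax.com", "remax.net"}}

# Constructed sample modelled on the second Chase email above; the link is a placeholder.
SAMPLE_CHASE = """From: marble1961@aol.com
Subject: Irregular Activity Detected In Your Chase Account
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.test/verify">www.chase.com</a>
"""

# Constructed sample with a forged remax.net sender, as the RE/MAX post describes.
SAMPLE_REMAX = """From: alerts@remax.net
Subject: Remax Alert Notification
Content-Type: text/html; charset="utf-8"

<a href="http://compromised-site.example/listing">Click here to continue</a>
"""


def base_domain(host):
    """Last two DNS labels: a simplification that ignores the public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip().lower()))
            self.cur_href = None


def phishing_signals(raw):
    """Return the reasons a raw RFC 5322 message looks like brand phishing."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    sender = base_domain(parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2])
    words = (str(msg.get("Subject", "")) + " " + body).lower().replace("re/max", "remax")
    collector = LinkCollector()
    collector.feed(body)
    signals = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", words):
            continue  # the message does not invoke this brand
        if sender not in domains:
            signals.append(f"sender:{brand}:{sender}")
        for href, shown in collector.links:
            # Links without a host (mailto:, relative paths) yield "" and are skipped.
            target = base_domain(urlparse(href).hostname or "")
            if target and target not in domains:
                kind = "link-text-mismatch" if any(d in shown for d in domains) else "link"
                signals.append(f"{kind}:{brand}:{target}")
    return signals
```

Because a sender address can be forged, the second sample passes the sender check and is caught only by the link check.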


Wednesday, July 11, 2012

Dangers of Plugging a Lost USB Flash Drive into Your PC

What would you do if you found a USB flash drive in your company parking lot?

Would you turn it in to a receptionist – or possibly lost & found – in hopes that it somehow finds its way back to its original owner? Or would you let curiosity get the best of you by rummaging through the files first?

Anyone that opted to do the latter would learn first-hand that curiosity not only killed the cat, but led to a computer infection as well.

When an employee at DSM, a multinational chemical company based in the Netherlands, stumbled upon a lonesome USB flash drive in the business parking lot, they took a pass on taking a peek and turned it in to the IT department.

This decision turned out to be a very good one, considering the IT staff discovered that the thumb drive contained spyware configured to steal usernames and passwords and relay them to a command & control server.

As a result, a warning was quickly issued, any other “lost” USB flash drives were collected, and the company completely shut the door on any possibility of the bad guys nabbing login credentials by blocking the IP addresses of the command & control servers that the malware communicated with.

Although this particular malware attack was unsuccessful, it serves as a reminder that users should be cautious when plugging removable storage devices into their computers. Even if the flash drive was indeed lost, there’s still a very good chance it has malware on it anyway.

To minimize the possibility of having their computers infected with malware lurking on a USB flash drive, it's recommended that users:

  • Disable Autorun in Windows.

  • Scan the devices with your antivirus software – regardless of what operating system you use.

  • Open the USB drive with a virtual machine.

Image Credit: Peter Hosey


Tuesday, July 10, 2012

Android Trojan Targets European Bankers

Researchers over at Trusteer have stumbled upon the first Tatanga-based man in the mobile (MITMO) attack as well as a new SPITMO (SpyEye in the mobile) configuration currently targeting bank users in Germany, the Netherlands, Portugal and Spain.

In the attack, both variants of the SPITMO and Tatanga MITMO malware inject HTML pages in the user’s computer web browser to trick them into installing bogus bank security applications on their smartphones.

The user is first asked to select their phone’s operating system from a drop-down menu:

  • iOS (iPhone)

  • BlackBerry

  • Android

  • Symbian (Nokia)

  • Other

Since the majority of the attacks carried out focus on Android, if the victim selects another operating system they will be told that no further action is necessary.

SPITMO Prompting User to Select Smartphone OS

Screenshot of form injected to capture the victim's mobile OS.
Image Credit: Trusteer

Should the user select Android, they will be prompted to provide their cellphone number and subsequently sent a link via text message to download the “security app.” (Trusteer noted that BlackBerry users are also sometimes instructed to download the fake app, however nothing is actually installed on the device.)

Once the malware has been successfully planted on the victim’s Android phone, all SMS traffic – including transaction authorization codes sent by the bank to the victim via SMS – will be forwarded to the cybercriminals. Armed with the security codes necessary to bypass SMS-based out-of-band authorization systems, the cyberthieves can initiate fraudulent transfers and drain the victim’s bank account as they please.

While these attacks are aimed at Windows users in European countries, cybercriminals can easily turn their focus to the U.S. – or any other country – at any given moment.

Keeping your computer’s operating system patched and up-to-date and running antivirus software will minimize the chances of your system becoming infected with malware like SpyEye or even ZeuS, both of which have web injection capabilities.

Aside from avoiding malware on PCs, users should always exercise caution when urged to download apps onto their smartphones. Always do your homework to verify that the app is legitimate by checking the developer’s name, number of downloads, app reviews and requested app permissions before installing.

Typically companies will direct their users to their device’s official app store to complete the installation, so if your bank is prompting you to download an app from some random third-party site, you may want to call your bank to check if it’s legitimate first.

For more information and additional screenshots related to this ongoing threat, check out Trusteer's blog post.

Image Credit: Geeky-gadgets.com


Monday, July 9, 2012

Malware Dresses Up as Skype for Android, Racks Up Expensive SMS Bill

If you were looking to download Skype for Android, make sure that you download it from the Google Play store and not some random third-party website.

TrendMicro researchers discovered that cybercriminals have created websites offering fake Skype mobile apps to Android users in an attempt to plant premium-rate SMS malware on their phones.

Thankfully, it should be easy to avoid these fake sites as they are hosted on Russian domains (.ru), although the malware posing as Skype apps is downloaded from a Nigerian-based domain (.ne).

Even though the websites advertise different versions of the Skype app for Android, each download link points to the same malicious .JAR file (.APK files are the expected file format for Android apps).

TrendMicro researchers wrote that the .JAR file is a Java MIDlet that poses as an installer of Skype for the Android platform and only executes on older Symbian phones and on Android devices that can run Java MIDlets (a third-party app is necessary to allow Android to run Java MIDlets).

If the malware is successfully executed, the user is shown two messages before ultimately being directed to a URL that fires off SMS messages to premium rate numbers, generating revenue for the bad guys.

TrendMicro has labeled this malware threat as JAVA_SMSSEND.AB.

Users can steer clear of this threat by downloading apps from the Google Play store or another trusted Android marketplace. Regardless of where you download the Android app from, always make sure you check the # of downloads, user reviews and permissions before clicking that final ‘Download & Install’ button!
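
The .JAR versus .APK point above can be checked from the file's contents rather than its name, since both formats are ZIP archives. The Python below is an added example (not code from the original post or from TrendMicro): it tells a Java MIDlet suite from an Android package by archive layout. The function names and the two in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile


def build_zip(files):
    """Build a ZIP archive in memory from {name: content}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: only the archive layout matters, the entries hold no real code.
MIDLET_JAR = build_zip({
    "META-INF/MANIFEST.MF": (
        "Manifest-Version: 1.0\r\n"
        "MIDlet-1: Installer, , Main\r\n"
        "MIDlet-Name: Installer\r\n"
        "MicroEdition-Profile: MIDP-2.0\r\n"
    ),
    "Main.class": b"\xca\xfe\xba\xbe",
})
ANDROID_APK = build_zip({
    "AndroidManifest.xml": b"\x03\x00\x08\x00",
    "classes.dex": b"dex\n035\x00",
    "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n",
})


def manifest_attrs(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            last, _, value = line.partition(":")
            attrs[last] = value.strip()
    return attrs


def classify_download(data):
    """Return 'apk', 'midlet-jar', 'jar', 'zip' or 'not-zip' for downloaded bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # An installable APK carries AndroidManifest.xml at the archive root.
        if "AndroidManifest.xml" in names:
            return "apk"
        if "META-INF/MANIFEST.MF" in names:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            # MIDlet suites declare MIDlet-<n>, MIDlet-Name, etc. in the manifest.
            if any(key.startswith("MIDlet-") for key in manifest_attrs(raw)):
                return "midlet-jar"
            return "jar"
    return "zip"


def review_android_download(filename, data):
    """List the reasons a file offered as an Android app is not one."""
    kind = classify_download(data)
    problems = []
    if not filename.lower().endswith(".apk"):
        problems.append("extension is not .apk")
    if kind != "apk":
        problems.append(f"content is {kind}, not an Android package")
    return problems
```

A file that passes is only shaped like an APK; the check says nothing about whether the app itself is trustworthy.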


How to Get Rid of the ‘View today’s photo of the day!’ Posts on Facebook

Over the last few weeks, I’ve noticed an increasing number of random posts offering me the opportunity to ‘View today’s photo of the day!’ in my Facebook news feed.

"View today’s photo of the day" App Spam

I knew that these were spam posts, but I wasn’t sure how they were appearing on my news feed.

Naturally, my first instinct was to check what apps were installed on my personal profile – after all, I play my fair share of games on Facebook – however, none of my apps matched the name of the one that appeared to be making these posts.

So, what’s the deal with these mystery spam posts then?

Well, the problem is that one of your Facebook pals has installed an app that has gone rogue.

If you happen to click the option to view the photo, you will be taken to a page offering the option to install that very same app that’s responsible for the spam posts, which in this case is an app named ‘Get Revealed’:

Get Revealed Facebook App Permissions

The goal of the app is to give you random yes/no questions to answer about your friends and prompt you to post a vague message on their Wall saying you answered a question about them. However, your friend can’t view your answer unless they install the app and enter a never-ending cycle of having to answer questions about THEIR friends and post messages to THEIR Walls until they earn (or purchase) enough credits to ‘unlock’ whatever answers you (and other) friends have submitted about them.

As you can see, there’s a nice warning on the very first page that ‘This app may post on your behalf, including questions you answered and more.’ So, the app has every intention of annoying your friends one way or another, whether it is with the vague posts that you willingly publish after answering a question or the ‘view the photo of the day’ posts it spits out whenever it feels the need to do so.

Other apps that partake in the annoying ‘View photo/picture of the day!’ posts are:

  • All Truths About You

  • Truth Game

  • Get Revealed (featured)

How do I get rid of the ‘View today’s photo of the day!’ posts?

If you are seeing these spam posts, you have a few ways to go about getting rid of them:

  • Notify your friend that they have a spam-spewing app attached to their Facebook profile and kindly ask that they remove it by going to their Facebook Account Settings, clicking Apps in the left navigation and clicking the ‘x’ next to whatever app is causing it (the post will say ‘via [APP NAME]’, so you can tell them the name of the app that needs to be removed).

  • Report the App for spamming by clicking the app’s name and then clicking the ‘Report App’ link.

  • Hide all stories posted by the app (regardless of who has it installed) by clicking the arrow next to the spam post and selecting ‘Hide all from [APP NAME]’.

  • You can also mark each individual post made by the app as spam by clicking the arrow next to the post and selecting ‘Report story or spam’.

If you notice any other apps posting these spam messages, feel free to name them in the comments.


Friday, July 6, 2012

Buy a HP Compaq 8200 Elite All-in-One PC for $982!

This offer expired on 7/13/12. Please see top banner ad for our current deal.

This powerful all-in-one desktop from the HP Compaq Elite Series provides enterprise-class computing with reliability, manageability, and stability features.

Until July 13th, 2012, you can order a new HP Compaq 8200 Elite All-in-One PC from Hyphenet for only $982, plus shipping!

Specifications for HP Compaq 8200 Elite All-in-One PC

Display: 23" Widescreen WLED-backlight, 1920 x 1080 (Full HD)
Processor: Intel Core i5 2400S / 2.5 GHz (Quad-Core)
Storage: 500 GB HDD (7200 RPM)
Optical Storage: DVD±RW (±R DL) / DVD-RAM
Graphics: Intel HD Graphics 2000, Dynamic Video Memory Technology
Gigabit Ethernet
Camera: Integrated 1.3 megapixel webcam
Sound: Integrated soundcard
Connection / Expansion:

  • 6 x Hi-Speed USB - 4 pin USB Type A (2 front, 4 rear)

  • 1 x headphones - output - mini-phone stereo 3.5 mm

  • 1 x microphone - input - mini-phone 3.5 mm

  • 1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45

  • 1 x audio - line-out - mini-phone stereo 3.5 mm

Operating System: Windows 7 Pro 64-bit
Warranty: 3 Year HP Limited Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your HP Compaq 8200 Elite All-in-One PC today!

Buy of the Week offer valid through July 13th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Spammers Celebrate Dalai Lama’s 77th Birthday with Malicious Emails

Today is the current Dalai Lama's 77th birthday.

For the past three days, spammers have been attempting to infect the computers of his supporters with malware by pumping out emails discussing birthday celebrations.

Researchers at Kaspersky Lab wrote that the emails are titled “Dalai Lama’s birthday on July 6 to be low-key affair” and contain a malicious Word doc file with the same name.

Once the attached .doc file is opened, it exploits a [patched] vulnerability within Windows Common Controls to open a backdoor, allowing components of malware detected as Trojan.Win32.Midhos to be dropped and installed on the victim machine.

The backdoor will attempt to connect to a remote server to retrieve additional instructions. Kaspersky Lab noted that the command & control server’s IP address matches the one used in a previous attack that targeted Mac users. It seems they didn't want to leave Windows users out of the "fun."

Should the attack be successful, the user will be presented with a "fake" document containing an article plucked from the Indian newspaper, “The Tribune, Chandigarh.”

To protect their machines, users should:

  • Avoid downloading or opening files attached to emails from unknown sources.

  • Keep Windows fully patched and up-to-date by applying updates from Microsoft.

  • Run antivirus software that offers real-time scanning and make sure the virus definitions are kept current.


Thursday, July 5, 2012

New W32.Gammima.AG Variant Goes After Diablo 3 Accounts

Are you a Diablo 3 player?

Make sure you keep your operating system up-to-date and the virus definitions for your antivirus software of choice current.

Symantec researchers have identified a new W32.Gammima.AG variant that intercepts Diablo III communications to help thieves gather the login credentials they need to hijack player accounts.

Of course, the reason for this new & improved version of the malware is most likely the Real Money Auction House, which allows D3 players to use real money to purchase game items and gold.

W32.Gammima.AG’s focus isn’t limited to just Diablo 3, either. Gamers that play Arad, Lineage, Maple Story, The Kingdom of the Winds and World of Warcraft are said to be targeted as well.

Researchers didn't disclose how they encountered the malware, but Gammima is known to spread through local drives and copy itself to removable storage devices. It's always wise to watch what you download and take the necessary precautions to protect yourself against drive-by-downloads.

Protect Your Diablo 3 Account

To protect their gaming accounts from cybercriminals, Symantec recommends that users:

  • Keep their computer operating system fully patched and up-to-date.

  • Run antivirus software and keep the virus definitions current.

  • Use the account protection features offered by Blizzard Entertainment, which include Battle.net Authenticators (mobile app or physical key-chain) and the option to receive SMS alerts of account changes. Blizzard requires the use of an authenticator to add/remove money to your Battle.net account balance anyway.

I personally have been using the Battle.net Authenticator mobile app since I first started playing, despite not having any intention to use the Real Money Auction House and it’s not that much of a pain to enter the code during login. Better to be safe than sorry!

[via Symantec]


Tuesday, July 3, 2012

Please Stop Posting Pictures Of Your Debit/Credit Card on Twitter

Rich Twitter bird

Apparently "thinking before you post" is not a practice used by all, as people have found the need to take pictures of their new debit/credit card and post them on Twitter for all to see.

And just like people set up websites to stress how important it is to watch what you say on Facebook, someone has taken the liberty of creating a Twitter account dedicated to retweeting tweets that mention a credit/debit card and include a picture.

As of this writing, @NeedADebitCard features 34 re-tweets and boasts a good 6,000+ followers. There’s no telling how many soon-to-be identity thieves lurk within that number, but there’s a good chance they’re in there somewhere.

But, really, cyber thieves aside: what is the deal here, people? Why do you feel so compelled to take a picture of your credit/debit card and post it online for the world to see?

If there’s anything that should have been taken from the lesson that 35-year-old Christopher Chaney taught us when he hacked into the email accounts of a string of celebrities, including Scarlett Johansson, Christina Aguilera, Mila Kunis and others, it is that we need to be very careful about what information we share online.

After all, it was the social network profiles of said celebrities that allowed Chaney to correctly guess the security questions to their email accounts and help himself to all of the risqué information stored within them.

Given the fact that you’re sharing photos of your debit/credit card, I’d say it’s safe to assume that you’re exposing more than enough information to have the exact same thing happen to you.

According to the WSJ, 12 million Americans were hit with identity fraud in 2011. That’s a 13% jump from the previous year, and it’s all thanks to our growing use of social networking sites (*coughthatwesharetoomuchinformationoncough*), smartphones and an increase in security breaches.

So it's important that you be careful of what information you share online. You never know who’s sitting on the other side of the computer screen reading your tweets or posts.

With that, I will leave this topic by re-iterating @NeedADebitCard's request that you “please quit posting pictures of your debit cards, people.”
