Friday, September 28, 2012

Buy of the Week: Intel Core i7 2700K / 3.5 GHz Processor for $348!

This deal expired on 10/5/12; check top banner ad for active deals.

Intel Core i7 2700K Processor - BX80623I72700KWith faster, intelligent, multi-core technology that applies processing power where it's needed most, Intel Core i7 processors deliver an incredible breakthrough in PC performance. They are the best desktop processors on the planet.

You'll multitask applications faster and unleash incredible digital media creation. And you'll experience maximum performance for everything you do.

Until October 5th, 2012, you can order a Intel Core i7 2700K /3.5 GHz Processor from Hyphenet for only $348, plus shipping!

Specifications for Intel Core i7 2700K Processor

























































MFR#:BX80623I72700K
Processor TypeIntel Core i7 2700K (2nd Gen)
Number of CoresQuad-Core
64-bit ComputingYes
Integrated GraphicsIntel HD Graphics P3000
Compatible Processor SocketLGA1155 Socket
Processor Qty1
Clock Speed3.5 GHz
Max Turbo Speed3.9 GHz
Manufacturing Process32 nm
FeaturesEnhanced SpeedStep technology,
Hyper-Threading Technology,
Integrated memory controller,
Execute Disable Bit capability,
Intel Virtualization Technology,
Intel 64 Technology,
streaming SIMD extensions 4.1,
streaming SIMD extensions 4.2,
Intel Fast Memory Access,
Intel Flex Memory Access,
Intel Turbo Boost Technology 2.0,
Intel Advanced Vector Extensions (AVX),
Intel AES New Instructions (AES-NI)
Compatible Slots1 x processor - LGA1155 Socket
Warranty3-Year Intel Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order Intel Core i7 2700K Processor today!


Buy of the Week offer valid through October 5th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This deal expired on 10/5/12; check top banner ad for active deals.

Spammers Give Fake BBB Complaint Notices Another Go

BBB - Better Business BureauOnce again, spammers are exploiting the trusted Better Business Bureau (BBB) brand in order to trick users into visiting booby-trapped websites.

The attack starts with an email claiming that a complaint was filed with the BBB accusing the recipient’s company of part-taking in check cashing and money order scams.

Although the email carries the official BBB logo and sometimes comes from a spoofed bbb.org email address,  it is riddled with grammatical errors – a common trait of spam / phishing emails.

BBB Spam - Check Cash / Money Order Scam



Better Business Bureau

Start with Trust

Dear business owner, we have received a complaint about your company possibly involvement in check cashing and Money Order Scam.

You are asked to provide response to this complaint within 7 days.

Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.

Complaint ID#XXXXXXXX

Council of Better Business Bureau
3033 Wilson Blvd, Suite 600
Arlington, VA 22201
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Links within the email do not point to the Better Business Bureau website, but a third-party site hosting the widely-used BlackHole exploit kit.  The user will be presented with a blank page reading, “WAIT PLEASE. Loading… “ while the BlackHole exploit kit works silently in the background, attempting to exploit  system vulnerabilities to install malware on the visiting PC.

According to Websense, subject lines associated with this malware spam campaign include:

  • BBB Case #XXXXXXX

  • BBB Complaint activity report

  • BBB - Read Your Customer Review


What to Do with BBB Phishing Emails


Did you receive a suspicious looking email purporting to be from the BBB?

  • Do not click on any links or download files attached to the email.

  • Report the email to the Better Business Bureau by forwarding it to phishing@council.bbb.org.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Thursday, September 27, 2012

Happy 14th Birthday, Google!

Google turned 14 today. It's kind of crazy, isn't it?

As usual, Google has decided to celebrate with a doodle featuring a virtual chocolate cake complete with 14 candles that flicker momentarily before going out and dropping down below to make room for Google's name to appear.

Google's 14th Birthday Doodle

It's pretty cute!

Happy Birthday, Google!

Check out this post to see past doodles that made the main page on Google's birthday.

 

Second Life Users Targeted by Survey Scam Offering 2500 L$

Second LifeSecond Life users should be wary of any offers to take surveys in exchange for Linden dollars (L$),  the game’s internal currency.

Chris Boyd of GFI Labs recently stumbled across a website that offered 2500 L$ to Second Life users that were willing to dedicate a few moments of their time to completing a “survey.”

Considering that the website was “peppered with broken English” and users were prompted to supply their credit card information before starting the survey, it really wasn’t a surprise that there was no survey or 2500 L$ reward.

 Second Life Phishing Scam Page
Screenshot Credit: GFI Labs


Unfortunately, should a user not catch the warning signs (bad English, upfront request for payment information, incorrect reference to "$L" vs. "L$", etc.), their credit card information will be sent off to the scammers and they will be redirected to a page claiming that their card was declined:
“Your Credit Card Was Declined! Please Try Another Or Back to Linden Lab.”

Hopefully the victim will decide to back out of the survey versus trying another card.

Boyd stated that the specific phishing page he encountered has since been removed, but warns that the scammers can easily generate a new phishing site at any time. Second Life users are urged to remain vigilant when faced with similar offers.

Always remember:  if something appears to be good to be true, it usually is!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Bill Me Later Spam Warns of Bogus Debt to Spread Trojan

Bill Me LaterIf you receive a rather threatening email claiming to be from Bill Me Later in regards to an outstanding debt, don’t be too alarmed – it is merely an attempt to infect your PC with malware.

Spammers are hoping that users will be too distracted with threats of legal action, additional fees, and property seizure to notice that the email is coming from a mistyped “billmelateEr.com” email address - causing the recipient to make a hasty decision that involves them doing whatever is necessary to pay off their alleged debt.

 

Ebay Bill Me Later Debt Spam



From: Ebay (online@billmelateer.com)
Subject: You must immediately pay off the debt! #id5428

Hello,

We have notified you several times about your debt to Bill Me Later.

In the even that you fail to voluntary satisfy our requirements for payment of your debts to Bill Me Later, we will have to turn to the court with the purpose of enforced collection of the debt, which may entail additional expenses for you, for example, the expenses in the amount of state duty, the cost of representative’s services for the compearance, the compensatory interest for the use or detention of money for each day of delay, and the execution fee. Furthermore, in accordance with applicable law, you may be restricted from traveling outside the territory of the country, and your property may be seized.

Based on the foregoing we offer you to pay the debt in the amount of $349.00 in one of the following ways within 10 days.

Thank you,
Bill Me Later.

It is assumed that in order for the user to go about paying off their alleged "debt" that they would have to download the malicious file attachment, INVOICE_FORM_ID41801.zip, containing malware Sophos identifies as Troj/Invo-Zip.

INVOICE_FORM_ID41801.zip VirusTotal Scan ResultsThat's when the real fun begins.

Once it has made its way onto your machine, Troj/Invo-Zip will drop additional malware for you to play with.  It is important to note that only 2/43 antivirus programs can detect this threat, according to the scan report from VirusTotal (see screenshot on the right).

How to Spot Fake Bill Me Later Emails


For the record, Bill Me Later has stated on their website that legitimate emails from them will never include an attachment. Other common characteristics of fraudulent emails include:

  1. Generic Greetings / Introductions

  2. Typos & Poor Grammar

  3. False Sense of Urgency

  4. Fake Links

  5. Attachments


Furthermore, legitimate emails will include a piece of information that identifies you and/or your account, such as your first/last name or the last 4 digits of your Bill Me Later account number.

What to Do with Bill Me Later Phishing Emails


If you receive an email similar to the one shown above, it is recommended that you:

  • Avoid downloading any attached files or clicking any embedded links.

  • Report the email to Bill Me Later by forwarding it to spoof@billmelater.com. (Do not edit  it in any way)

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Wednesday, September 26, 2012

New OSX/Imuler.B Variant Spotted by Researchers

Warning Apple LogoResearchers over at F-Secure have recently discovered a new variant of the data-stealing Mac malware, OSX/Imuler.B, which is believed to be targeting Tibetan rights activists.

F-Secure researchers say that the latest Imuler.B variant is similar to its predecessor, OSX/Imuler.A; however the new build is configured to “exit” if Wireshark, a popular network protocol analyzer, is detected on the target machine.

Imuler.B exits if Wireshark is found
Screenshot Credit: F-Secure


Aside from setting Imuler.B to dodge Wireshark, the malware’s authors optimized the code and switched the command and control server to ouchmen.com.

Should Imuler.B manage to find its way onto your machine, it will steal system information and take desktop screenshots as it is instructed via its command and control server.  Any data collected by the malware will then be relayed back to the command and control servers, at which point the attackers can use it as they please.

F-Secure didn't say how they came across the new variant, but earlier this year Sophos found that cybercriminals were using pictures of swimwear models to spread Imuler malware, so Mac users are advised to exercise caution when downloading files online to avoid infection.

Aside from that, it’s always a good idea to run antivirus software, even on a Mac. Sure, threats targeting OS X may not be as common as they are on Windows, but they do exist and it’s always better to be safe than sorry.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Researchers Find Yet Another Zero-Day Java Flaw

Java Flaw WarningSecurity researchers at Polish firm Security Explorations announced that they have found yet another security vulnerability in Oracle’s Java SE software that would allow a malicious attacker to gain complete control of a user’s system.

The new exploit affects Java SE 5, 6, and 7, which means over a billion PCs are at risk if Oracle’s reported number desktops running Java are accurate.

According to Adam Gowdiak of Security Explorations, all tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system using Firefox, Chrome, Internet Explorer, Opera and Safari, but that doesn’t mean other operating systems are safe.

As Gowdiak explained to Computer World, “We simply did our test on Windows 7 32-bit. But, it does not matter because all operating systems supported by Oracle Java SE (such as Windows, Linux, Solaris, MacOS) are vulnerable as long as they have Java 5, 6 or 7 installed and enabled.”

The new bug marks the 50th security flaw that Security Explorations has discovered within Java, and they have already submitted a technical description of the issue “along with a source and binary codes of our Proof of Concept code demonstrating a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7” to Oracle for review.

So far, Oracle has not commented on this new exploit.

For those who are wondering (and you should be), there is no proof that this flaw is being actively exploited in-the-wild at this time, however, the clock is ticking. Let's not also forget that Oracle has yet to close the security holes present in their most recent out-of-band patch, which was issued to fix the last Java zero-day to make headlines.

Once again, if you don't need Java on your PC, remove it. If you do need Java, then it's best you dedicate a single browser to handle all of your Java-enabled website browsing, and disable the plug-in in your remaining web browsers.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet“Like” us on Facebook or add us to your circle on Google+.

Tuesday, September 25, 2012

Safety in the Home: Safeguarding your Child's Internet Searches

Young Child Supervised While Using PCDespite our grandest efforts, there is no way we can fully protect our children from every negative, harmful thing out there on the Internet.

I have tried time and time again to integrate secure-search settings on my family's computer only to find they are either too restrictive or not restrictive enough. Even though I'm fully aware there are going to be times when my children will be exposed to things that aren't appropriate, that doesn't mean I've given up all my efforts to protect them on the Internet.

If you have a child who actively uses the Internet, here are three things you can do to make sure they are safely navigating the Internet.

Search with them


The first few times I let my children use the Internet, I made sure to stay with them the whole time. No, I wasn't just keeping an eye on them; I was also taking an opportunity to teach my children how to safely use the Internet. I wanted them to know about the dangers of Internet searches, sexual predators, and Internet downloads.

At first, they voiced their frustrations about my needing to be there for each of their Internet sessions, but they eventually started appreciating my Internet-safety lessons. Nowadays, I let my children handle their own Internet searches because I trust they've learned a great deal from all that I taught them in those first few Internet sessions.

Track their Internet searches


There are a number of programs you can invest in to make sure you're children aren't engaging in unsafe Internet searches.I've heard a number of friends recommend McGruff's Safeguard, but I haven't personally used it. Most of the time, I'll just check the most recent search history on my computer, since my children aren't aware of how to clear the history.

If you're worried your children might engage in unsafe Internet searches, however, go ahead install a program on your computer to keep tabs on your children's searches. Not only will this calm your nerves, it will also be a way for you to calmly confront your children without them being able to deny any evidence.

Activate the right safety controls


I'm not the biggest fan of safety controls. Not only do they hinder successful Internet searches, but sometimes they overextend themselves. Although these settings have the best intentions at heart, they walk a fine line between being helpful and just plain annoying.

If you're absolutely set on using safety settings, however, the best way to find the right safety controls is to test drive various settings. Should you activate a setting that prevents your children from visiting basic, necessary websites, lessen up the grip a little more. Just keep playing with the settings until you find the right fit for you and your children.

If you haven't already, always keep an eye on what your children are looking for on the Web. See how these three tips can help you in your endeavors.

This guest post is compliments of Silvia Brooks, a busy mother who keeps a watchful eye over her children. She contributes to HomeSecurity.org and is passionate about empowering families to take control of their safety by investing in quality home security technology. You can reach out to Silvia by leaving a comment.

Monday, September 24, 2012

Researchers Discover E-Store Selling Stolen Credit Card Information

What do cybercriminals do with stolen credit card data?

While the obvious answer may be “use it to purchase whatever they want,” we are forgetting another route cyber-thieves can take: selling that stolen data to others.

Researchers over at Webroot have stumbled upon an online store that appears to be focused solely on selling stolen credit card information to anyone that’s willing to take the risk.

According to Webroot’s Dancho Danchev, the site appears to be well put together for the most part, complete with a “well-developed” search engine that helps fraudsters find exactly what they’re looking for.

“The service is currently offering 9,132 stolen credit cards for sale, and has already managed to sell 3292 credit cards to prospective cybercriminals.” Danchev revealed in a blog post on Monday.

Professional Looking eStore Offers Stolen Credit Card DataScreenshot Credit: Webroot


Fees for card information vary depending on the card type: Debit cards go for just $16 while credit cards fetch $30 or more. Discounts are promised to those that purchase the data in bulk.

Fraudsters appear to be satisfied with the sales price and have already snatched up the information for 3,292 cards.

As to why the e-store owner opted to sell the stolen data opposed to use it, Danchev says that answer is surprisingly simple. “The practice is called “risk forwarding” which intersects with the e-shop owner’s desire to achieve instant financial liquidity of his assets, “ Danchev explained. “Instead of manually verifying the balance of the cards, he’s focused on bulk orders and forwarding the risk of getting caught to the prospective customers of his services.”

Photo Credit: 401(k)2012

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet“Like” us on Facebook or add us to your circle on Google+.

Friday, September 21, 2012

Buy of the Week: Logitech S150 Multimedia Speakers for $14!

This offer expired on 9/28/12; check top banner ad for active deals.


Performance and convenience in a compact, stylish notebook speaker set. Enjoy rich, digital USB sound, edgy design, and convenient volume controls. No batteries required. A single USB cable supplies both audio and power. The Logitech S-150 speaker system is the perfect audio companion to your notebook.

Until September 28th, 2012, you can order Logitech S150 Multimedia Speakers from Hyphenet for only $14, plus shipping!

Specifications for Logitech S150 Multimedia Speakers $14!









































Product TypePC multimedia speakers
System Components2 speakers
Nominal Output Power (Total)1.2 Watt
Response Bandwidth90 - 20000 Hz
Audio AmplifierIntegrated
Connectivity TechnologyWired
Interface TypeUSB
ColorBlack
Warranty3-Year Logitech Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order Logitech S150 Multimedia Speakers today!


Buy of the Week offer valid through September 28th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

This offer expired on 9/28/12; check top banner ad for active deals.

Thursday, September 20, 2012

Pharmacy Spam Posing as LinkedIn ‘Pending Message’ Reminders

LinkedIn LogoIn the last four days I have received two separate emails purporting to be from LinkedIn notifying me that I have 4 messages pending.

It’s an odd set of emails considering that I already knew that I don’t have any notifications pending (I’m not all that active on LinkedIn) and the email address these messages were being sent to is not tied to my LinkedIn account.

Spammers are (likely) betting that isn’t the case for many recipients, which will bode well for the pharmaceutical websites they’re hoping to generate traffic for.

LinkedIn Reminder Spam



Subject: There are a total of 4 messages awaiting your response

From: LinkedIn Reminders (reminders-noreply@noreply-linkedin.com)

LinkedIn

PENDING MESSAGES
There are a total of 4 messages awaiting your response. Visit your InBox now.

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2012, LinkedIn Corporation.

All of the links within the email point to a third-party website that will redirect you to whatever illegal Rx site that is being promoted that day.

What to do with LinkedIn Spam



  • Avoid clicking on any links or downloading any attached files.

  • Report the email via SpamCop or LinkedIn (via abuse@linkedin.com).

  • Delete the email immediately.


Have you received any fake LinkedIn notices claiming you have notifications pending? Share your experience below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet“Like” us on Facebook or add us to your circle on Google+.

Friday, September 14, 2012

Buy of the Week: OCZ Technology Vertex 3 VTX3-25SAT3-120G 120 GB Internal SSD for $110!

This offer expired on 9/21/12. Please check the top banner add for active deals.

OCZ Technology 120 GB SSDWith incredible random 4k file writes up to 60,000 IOPS, this SSD takes productivity, gaming, and multimedia applications to the next level to work in perfect symmetry with the latest enthusiast platforms. This model of the 2.5-inch Vertex 3 (VTX3-25SAT3-120G) offers 120 GB of storage capacity and a 500 MB/s maximum write speed.

Until September 21st, 2012, you can order a new OCZ Technology Vertex 3 VTX3-25SAT3-120G 120 GB Internal SSD from Hyphenet for only $110, plus shipping!

Specifications for OCZ Technology Vertex 3 VTX3-25SAT3-120G 120 GB Internal SSD for $110!









































Product TypeInternal Solid State Drive
SeriesVertex 3
ModelVTX3-25SAT3-120G
Form Factor2.5"
Capacity120 GB
InterfaceSATA III
Dimensions (WxDxH)3.93" x 2.74" x 0.37"
FeaturesMax Read:
up to 550 MB/s (SATA 6Gbps)
up to 280 MB/s (SATA 3Gbps)Max Write:
up to 500 MB/s (SATA 6Gbps)
up to 260 MB/s (SATA 3Gbps)4KB Random Read: 20,000 IOPS (75 MB/s)
4KB Random Write: 60,000 IOPS (235 MB/s)
Maximum 4KB Random Write: 85,000 IOPS (330 MB/s)Sequential Read AS-SSD: 500MB/s
Sequential Write AS-SSD: 155 MB/s4K Random Read AS-SSD: 29,000 IOPS (115 MB/s)
4K Random Write AS-SSD: 38,000 IOPS (150 MB/s)

ECC Recovery: Up to 55 bits correctable per 512-byte sector (BCH)

Support Self-Monitoring, Analysis and ReportingTechnology (S.M.A.R.T.)

Fully compliant with Serial ATA International

Organization: Serial ATA Revision 3.0.Fully compliant with ATA/ATAPI-8StandardNative Command Queuing (NCQ)
Warranty3-Year Limited OCZ Technology Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your OCZ Technology Vertex 3 VTX3-25SAT3-120G 120 GB Internal SSD today!


Buy of the Week offer valid through September 21st, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 9/21/12. Please check the top banner add for active deals.

Two-for-One Spam Targets Both Windows Live and Yahoo Users

Yahoo & Windows Live HybridKill two birds with one stone.

Perhaps that was the thought process when spammers pieced together the following spam message that appears to target both Yahoo and Windows Live users at the same time.

Or maybe spammers are slacking because it’s Friday and they’ve mentally checked out just like the rest of us. Who really knows. Either way, paying a little attention when checking your email can keep you from falling for this (rather sloppy) phishing attempt:

Spam Targets Windows & Yahoo! Users
From: Yahoo! (cc-advoc@yahoo-inc.com)
Subject: Yahoo Alert

Windows Live

Dear Email Client,

We have detected multiple in-correct login attempts into your account, we are obligated to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your login details.

To help speed up this process, please re-Login below.

[LINK]

Windows Live Team

To no surprise, the link within the email pointed to a third-party website – not live.com as the anchor text would lead you to believe – that was likely compromised at some point.  Fortunately, what was likely a fake login page had already been removed, so this particular attack was an all-around bust.

Still, that’s not to say spammers won’t correct their mistakes and get this phishing scam back up & running, so always exercise caution when checking email.

It is always recommended that you type the URL of the website you wish to visit directly into your browser’s address bar versus clicking email links.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Tuesday, September 11, 2012

"Come to the Post Office" FedEx Spam Delivers Trojan Downloader

FedExBrace yourselves for another round of evil FedEx spam!

An email purporting to be from FedEx dropped into my inbox early this morning suggesting that I stop by the postal office to correct an erroneous shipping address. Of course, I am urged to click a link to retrieve the shipping label before doing so.

That sounds safe, right? There’s nothing suspicious about the fact that the entire email is a single JPG image, that I don't recall ever giving FedEx my email address, or that the shipping label link points to a third-party website and not a page on the fedex.com domain, right? *cough*

FedEx Spam



Subject: You should come to the post office
From:  FedEx (international@ussfedex.com)

FedEx
Federal Express

Unfortunately we failed to deliver the postal package you have sent on the 27th of August in time because the recipients’ address is erroneous.

Please print out the label copy attached and collect the package at our office.

Print a shipping Label

Let’s just say you didn’t notice the huge red flags waving in the back of your mind and you did click the link – what would happen?

You would be taken to a malicious third-party site that executes a drive-by-download (via JavaScript) and be prompted to open/save a file named “Label_Copy_Fedex.zip.”

Despite the name, the archive in question doesn't house a handy-dandy shipping label, but malware identified by Microsoft Security Essentials as TrojanDownloader:Win32/Kuluoz.B. As the name suggests, Kuluoz.B will connect to a remote server to download additional malware, which will more than likely be a variant of Winwebsec, a fake antivirus program.

Prevent Kuluoz from Infecting Your PC


Assuming that you don't want your computer to become infected with malware that will attempt to trick you into handing over your credit card information by performing bogus system scans & showing you a list of fake infections, keeping Kuluoz away from your computer is relatively easy. All you have to do is:

  • Exercise caution when following hyperlinks.

  • Keep your operating system fully patched & up-to-date.

  • Always run antivirus software & keep the virus definitions current.

  • Consider running a browser plug-in like NoScript that offers user control over JavaScript & Java embedded on websites you visit.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Emma Watson Tops 2012 List of Most Dangerous Celebrities to Search Online

Emma WatsonThinking of hitting up Google to get the latest buzz on your favorite celebrity? You may want to check whether or not your favorite star is on McAfee’s 2012 list of the Most Dangerous Celebrities to search for on the web first.

As we all know, cybercriminals love to create malicious websites designed to spread malware or steal personal information through a crafty phishing trap – and they often use juicy celebrity content to lure us to said sites.

In 2011, McAfee said that a web search for Heidi Klum had a 1-in-9 chance of taking you to a website that would attempt to plant spyware, adware or some other type of malware on your PC. Searches involving Cameron Diaz, Piers Morgan, Jessica Biel and Katherine Heigl were also said to pose a danger to the health of user’s PCs.

This year’s most dangerous celebrity to search for online is said to be none other than Harry Potter’s Emma Watson. In fact, McAfee found that those who searched for the latest Watson pictures and downloads have a 1-in-8 chance of hitting a malicious website.

Here's the list of top 10 most dangerous celebrities to search for online:

  1. Emma Watson

  2. Jessica Biel

  3. Eva Mendes

  4. Selena Gomez

  5. Halle Berry

  6. Megan Fox

  7. Shakira

  8. Cameron Diaz

  9. Salma Hayek

  10. Sofia Vergara


Keeping Your PC Safe When Conducting Celebrity Searches Online


In the event that you just cannot resist searching for gossip on your favorite celebrity, McAfee has a few words of advice on staying safe:

  • Use common sense: if it sounds too good to be true, it probably is.

  • Always double-check the web address (URL) that you are going to. For example, if you are searching for Amazon.com and get a result for “Amazzon.cn”, you should know not to click.

  • Beware of content that prompts you to download anything before providing you with content. You may want to opt to watch streaming videos or download content from an established site, such as Hulu, Netflix, NBC, or ABCtv.

  • Free downloads are significantly the highest virus-prone search terms. Anyone searching for videos or files to download should be careful as not to unleash malware on their computer.

  • Since most people use a variety of devices to search for celebrities, be sure you have up to date, comprehensive security for all of your devices.

  • Keep your operating system and third-party software patched and up-to-date at all times to help minimize the success of drive-by-download attacks.


[via McAfee]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Friday, September 7, 2012

Pushdo Trojan Still Recruiting Computers into Botnet, Shielding C&C Traffic

Trojan HorseA new variant of the Pushdo Trojan downloader is infecting computers with the Cutwail bot engine and transforming the infected system into an evil spam-spewing machine, according to the Dell SecureWorks Counter Threat Unit.

One of the interesting things about Pushdo is that it generates fake HTTP requests to an extensive list of legitimate websites in addition to requests made to its command & control servers.

“The purpose of these fake HTTP requests is to make Pushdo's command and control (C2) traffic, which also uses HTTP, blend in with legitimate traffic,” explained Brett Stone-Gross, a Dell SecureWorks Counter Threat Unit  researcher. “It used a similar technique in a previous variant that was first introduced around February 2010.”

Unfortunately, the amount of garbage HTTP requests generated by Pushdo bots often proved too much and resulted in sites being knocked offline. Stone-Gross wrote that website owners affected by Pushdo may filter out its fake requests by creating a web server rule to drop the traffic.

Pushdo's command & control servers are currently located at:

  • shanisoft.kz (69.175.71.98)

  • hijsoft.ru (78.46.77.46)


How to Keep Pushdo Off Your PC


Being that Pushdo is typically delivered via drive-by-downloads, users can avoid having their machine turned into a spam distributor by:

  • Keeping their operating system, web browser and any other third-party software installed on your PC fully patched and up-to-date.

  • Exercising caution when following hyperlinks (this especially rings true with links embedded in emails as the primary focus of the botnet is to send out malicious spam).

  •  Always running antivirus and keeping the virus definitions current.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: NetGear CMD31T-100NAS High Speed Cable Modem for $80!

This deal expired on 9/14/12. Check top banner ad for current deals.

NetGear CMD31T-100NAS High Speed Cable ModemThe NETGEAR high speed cable modem provides a connection to high-speed cable Internet. It provides up to 150 Mbps download and upload speed for streaming HD videos, faster downloads, and high-speed online gaming.

Until September 14th, 2012, you can order a new NetGear CMD31T-100NAS High Speed Cable Modem from Hyphenet for only $80, plus shipping!

Specifications for NetGear CMD31T-100NAS High Speed Cable Modem





































Product TypeCable Modem - Gigabit Ethernet
Enclosure TypeExternal
Max Transfer Rate150 MBps
Protocols &
Specifications
DOCSIS 2.0,
DOCSIS 3.0
System RequirementsMacOS,
Windows 2000/XP/Vista/7
Interfaces1 x TV antenna - F connector
1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45
Dimensions (WxDxH)6.9 in x 4.5 in x 1.2 in
Weight10.9 oz

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your NetGear CMD31T-100NAS High Speed Cable Modem today!


Buy of the Week offer valid through September 14th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This deal expired on 9/14/12. Check top banner ad for current deals.

Wednesday, September 5, 2012

McAfee Researchers Spot Malware Posing as Antivirus: Win 8 Security System

Fake Antivirus Alert!A new rogue antivirus tool by the name of “Win 8 Security System” is infecting computers via websites rigged with drive-by-downloads and tainted torrent files, according to antivirus firm McAfee.

Like any other fake antivirus, Win 8 Security System performs fake “system scans” and produces a list of false malware detections in an attempt to scare the user into purchasing protection and/or malware removal services.

Any reluctance to hand over payment information will be met with constant, authentic-looking alerts reminding the user that their system has been “compromised.”

Win 8 Security System Desktop Alert Bubble
Virus Infection!

System security was found to be compromised, Your computer is now infected. Attention, irreversible changes may occur. Private data may be stolen.

Click here now for an instant anti-virus scan.

Getting Win 8 Security System off your computer can be a bit of a pain as it comes with a rootkit to protect its files, but legitimate antivirus programs should be able to remove it. If that fails, a manual removal of Win 8 Security System is possible, but should only be carried out by experienced users (IT specialists or highly qualified system admins).

A botched malware cleanup job can lead to permanent damage to the infected machine, not to mention that there’s a good chance the malware would automatically repair itself if it’s not completely removed.

But enough about getting it off of your system..

Keeping Your PC “Win 8 Security System” Free


How can you prevent Win 8 Security System from even making it on your PC? McAfee offered some advice, and we've thrown in a few pointers too:

  • Disable Java plug-ins in your browser.

  • Protecting your PC with a legitimate antivirus solution with real-time protection enabled.

  • Keep your operating system & installed software (especially Adobe Flash & Acrobat, along with Java) patched & up-to-date.

  • Exercise caution when following links and do not download files from unknown or untrusted sources.



Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Tuesday, September 4, 2012

Spam Targeting Recent Java Flaws Hits Inboxes

The Dangers of Java 7Reports of malware spam attacks show that cybercriminals are not wasting any time taking advantage of the Java vulnerabilities that have been making headlines as of late.

The Case of the Fake Microsoft Services Agreement Email


As of September 1st, the Internet Storm Center (ISC) wrote that they’d received multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement.

The phony email messages are a knock-off of actual emails that Microsoft recently sent out to users announcing changes made to Microsoft’s Services Agreement that are set to take effect later this month.

The only real difference between the emails (aside from the originating source) is that all of the hyperlinks within the email have been set to point to a malicious site housing the BlackHole exploit kit.

According to the VirusTotal report linked in the ICS report, only 6/42 antivirus programs can detect the ZeuS variant delivered upon a successful attack, which involves Java vulnerability CVE-2012-4861.

Bogus Amazon Order Emails Return for Java Exploits


Meanwhile, while ICS was receiving multiple reports of fake Microsoft emails, researchers over at Websense were being inundated with tens of thousands of fake Amazon order confirmation emails.

The emails, titled “Your Order with Amazon.com” were short, sweet, and to the point: tap the “click here” link and be on your merry way to a BlackHole exploit site also looking to exploit Java (along with Adobe Flash and Reader):
Subject: Your Order with Amazon.com

Dear Customer,

Please click here and verify your order is #[RANDOM NUMBER] with Amazon.com.

We hope to see you again soon!

Protect Your PC from Malware Spam Attacks


With all of the attention Java (and its never-ending supply of security flaws) has received as of late, it’s important that users exercise caution to avoid having their computers infected with malware. That basically means that you should:

  • Look before you click: Hover your mouse over links to check the destination URL before following it.

  • Disable / remove Java if you don’t need it.

  • Review email headers if you doubt the authenticity of an email.

  • Keep your OS and antivirus programs up to date.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.