Friday, December 28, 2012

What to Look for to Protect Yourself from Phishing Emails

phishingAt any point in your Internet usage life-time, you can be bombarded by emails that are either "phishing" for personal information or trying to get you to install something you don't want or need.

Although a large portion of these emails can seem legitimate, there are a few things you can look at in order to tell if they are fake or not.

  1. Sender - If an email looks legitimate with logos, branding, and business-type language take a look at where the email came from. Companies such as Facebook, PayPal, and others do not use Yahoo, Gmail, or Hotmail in order to send important account information. Make sure that the company name is spelled correctly in the email address as well. Some scams using PayPal have had the email extension "@payspal.com" - notice the 's'.

  2. Undisclosed Recipients - If you are getting an email that speaks to you as an individual but says it was sent to "undisclosed recipients" in the "To:" heading, this means that someone or a bot sent that email to many people using blind-carbon-copy. This means that emails stating that you won $1.5 million in a UK lottery that was sent to "undisclosed recipients" was probably sent to 1.5 million email addresses.

  3. Addressed by Name - Professional emails coming from Facebook, PayPal, UPS, and a slew of others willalways address you by the name on the account. It will never say Dear User, Friend, Customer, or the like. If the company's system was hacked and personal names to the accounts were released, it could still be fake. However, this instance is extremely rare.

  4. Locality - Beware of emails that were sent from email addresses based in other countries. Extensions such as .hk, .uk, .pi, and vast amounts of others are favored by scam artists and hackers. If you live in Florida and receive an email from UPS, it will not be from Hong Kong.

  5. Personal Info - A favored tactic of scam artists is the use of PayPal and Facebook professional looking emails that request your account information, login, and passwords so they can "verify" or "activate" your account. A legitimate business will never request your account or personal information through an email. First of all, they already have your personal info if it is legitimate. Secondly, email can be intercepted and your account info can be stolen.

  6. Unsolicited - If you didn't enter a lottery or contest, you didn't win the prizes spoken of in that email from the UK. If you're not expecting an ATM card worth $1 million, than it's not really there. If an email comes to you stating how the sender was able to find you to give you something but they need your information, question it. If they found your correct email address, they should have your name in the first place.


Never give your personal information, usernames, or passwords to anyone in an email. This could give the criminal element access to your personal accounts and information in order to steal your identity. If an email looks too good to be true, then it usually is 99.9% of the time. That poor Nigerian prince will have to find someone else to move that multimillion dollar account of his.

This guest post is compliments of Ken Myers, the founder of Longhorn Leads. Over the years, Ken has learned the importance of focusing on what the customer is looking for and literally serving it to them. He doesn't try to create a need, instead he tries to satisfy the existing demand for information on products and services.

Buy of the Week: Yealink SIP-T32G Handset for $162 each (or 10 for $1,500)

yealink-SIP-T32G-2The SIP-T32G IP Phone is Yealink's latest innovation for people with demanding collaborative communication needs.

For managers, it is a future-proofing network investment which supports seamless migration to GigE-based network infrastructure. Dual-port Gigabit Ethernet is designed for flexible deployment options and lower cabling expenses. With its high-resolution TFT color display, SIP-T32G IP Phone offers a brilliant depiction of caller’s information.

Until January 4th, 2013, you can order a Yealink SIP-T32G from Hyphenet for only $162 each, or order 10 for $1,500, plus shipping!

Specifications for Yealink SIP-T32G Handset









































MFR# SIP-T32G
FeaturesCall transfer (blind/semi-attended/attended
3 Programmable keys, XML phonebook, BLF
Auto-answer, 3-way conferencing
Speed dial, SMS, Voicemail
Message Waiting Indication (MWI) LED
Country specific Tone Schemes, Volume Controls
Direct IP call without SIP Proxy
Ring tone selection/import/delete
Phonebook (1000 entries), Black list
Call History: dialled/received/missed/forwarded
Menu-driven user interface
Localised Language(s) and import method
Soft Keys programmable
Specification3 VoIP SIP accounts, Hotline, Emergency Call
HD Voice: HD Codec, HD speaker, HD handset
TI Aries chipset and TI voice engine
Dual-port Gigabit Ethernet (Router & Switch)
Supports IPV6
Power over Ethernet (PoE)
3" TFT-LCD, 400 x 240 pixel, 262K colours
Convenient and intuitive user structure
Headset Support
Action URL/URI
XMl Idles Screen
Wallpaper, Screensaver
Color Picture Caller-ID
Theme, Screen sleep
LDAP phonebook
IPPBX System IntegrationBusy lamp field (BLF), BLF List, (BLA)
DND & Forward synchronisation
Intercom, Paging, Music on hold
Call park, Call pickup
Anonymous call, Anonymous call rejection
Network Conference
Distinctive ringtone
Dial Plan, Dial Now
Codecs and Voice FeaturesWideband codec: G.722
Narrowband codec(s): G.711 u/A law, G.723.1, G.726, G.729AB
VAD, CNG, AEC, PLC, AJB, AGC
Full-duplex speakerphone with AEC
Secure Real Time Protocol (SRTP)
SecurityOpen VPN, 802.1x, VLAN QoS (802.1pq), LLDP
Transport Layer Security (TLS)
HTTPS (server/client), SRTP (RFC3711)
Digest authentication using MD5/MD5-sess
Secure configuration file via AES encryption
Phone lock for personal privacy protection
Admin/VAR/User 3-level configuration mode
ManagementAuto-provision via FTP/TFTP/HTTP/HTTPS
Auto-provision with PnP
SNMP V1/2 optional, TR069 optional
Configuration: browser/phone/auto-provision
Factory configuration customization
Trace package and system log export
Physical Features2 x RJ45 10/100/1000Mbps Ethernet Ports
TI Aries chipset
3" TFT-LCD, 400 x 240 pixel, 262K colours
32 keys including 3 programmable keys
1 x RJ9 (4P4C) handset port
1 x RJ9 (4P4C) headset port
Power adaptor: AC 100-240V input and
DC 5V/2A output
Power over Ethernet (IEEE 802.3af)
Power Consumption approx.: 4.0W
Net weight: 0.77KG
Dimension: 185x200x90mm
Operating humidity: 10-95%
Storage temperature: up to 60C
Warranty1-Year Yealink Warranty

Call (619) 325-0990 to order a Yealink SIP-T32G Handset today!


Buy of the Week offer valid through January 4th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Thursday, December 27, 2012

'UPS Delivery Confirmation Failed' Spam Leads to Drive-by-Download Attacks

UPS LogoBe careful not to click on any links within emails purporting to be from UPS claiming that a delivery confirmation failed.

Webroot researchers warn that spammers are up to their old tricks and are widely-spamming out fraudulent UPS notices to drive users to malicious websites serving malware.

Here’s a copy of the email currently being sent out:

UPS Delivery Confirmation Failed
Screenshot Credit: Webroot



UPS – Your UPS Team

Good Morning,

Dear Client, DELIVERY CONFIRMATION: FAILED

Track your Shipment now!

Pack it. Ship ip. No calculating , Your UPS Team.

According to Webroot, recipients that click on a link within the email will be taken to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to exploit system vulnerabilities in order to plant malware on the visiting machine.

What to Do with UPS Spam


If you receive an email similar to the one below, it is strongly recommended that you:

  • Do NOT click on any hyperlinks within the email.

  • Report the email to UPS by forwarding it to fraud@ups.com (be sure to include the full headers).

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Android Trojan Can Partake in DDoS Attacks, Send SMS Spam

evil-android-manDr. Web researchers have discovered a new Android Trojan, Android.DDoS.1.origin that is capable of sending SMS spam and partaking in DDoS attacks.

While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone.

As a matter of fact, Dr. Web researchers wrote that, once installed, Android.DDoS.1.origin will create an icon that not only closely resembles that of Google Play, but launches Google Play when selected to reduce suspicion of foul play.

Android.DDoS.1.origin

Screenshot Credit: Dr. Web


If it is launched, the Trojan will reach out to its command and control server (C&C) to relay the phone number belonging to the infected device and standby for further instructions to do one of the following:

  • Participate in DDoS attacks by sending data packets to a specified server address & port

  • Help with spamming efforts by sending the SMS spam message to the phone numbers specified by its C&C


Given the malicious activity, owners of infected devices will not only experience a decrease in performance but higher phone bills thanks to the SMS spamming & unauthorized data usage.

Dr. Web researchers note that the Trojan’s code is heavily obfuscated, indicating that the authors want to hide its function. That’s not much of a surprise given the malware’s capabilities; the attackers can easily use it to attack competitor websites, advertise products via SMS spam, or help generate revenue by sending text messages to premium numbers.

Keeping Your Android Device Safe


There is currently no evidence that users run a high risk of encountering this threat, or of it being distributed in the Google Play store. With that being said, here are a few steps that Android users can follow to keep their devices safe:

  • Only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android.

  • Always check the number of downloads, app rating and user reviews. If an app has a poor rating or a long list of poor reviews, you probably shouldn’t download it.

  • Carefully review permissions before downloading and/or installing an app.

  • Do not click links or download apps advertised in unsolicited text messages or emails.

  • Consider installing a mobile antivirus app on your device; Sophos offers a free solution with remote wipe capabilities in the event that your device is lost or stolen. Check it out.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Reveton Ransomware Updated Again: You have 48 Hours to Pay or Else

Ransomware Got Your PC?Will Trojan.Ransomlock.G (better known as “Reveton”) really reformat your computer and delete all of your precious files if you refuse to pay the ransom fee?

Symantec researchers say that although the Reveton malware authors updated the lock screen to suggest that any attempt to manually remove the ransomware will result in the infected computer’s hard-drive being wiped, there’s no indication that the malware actually contains such functionality.

Infact, they were able to manually remove the latest Reveton variant and unlock the computer without any subsequent hard-drive reformats or file loss during their analysis. For the most part, the only real changes in new variant appear to be:

  • the empty threat of deleting files by reformatting the operating system

  • a higher ransom fee of $300

  • a countdown timer indicating that victims only had 48 hours to pay or “suffer the consequences”


Reveton Ransomware Change
Screenshot Credit: Symantec



Got Reveton Ransomware?


As a reminder, ransomware victims are urged to ignore the ransom demands and follow the instructions below instead:

  • Perform a full system scan using up-to-date antivirus software. If you happen to experience any difficulty detecting the threat, you can give these tools a try:


  • Users that are more tech-savvy can (carefully) restore system registry settings to their previous values. See Symantec’s write-up for instructions on how to do this.


Steps to Keep Your Computer Ransomware Free


Here are some precautionary steps you can take if you don’t fancy the idea of ransomware taking your PC hostage and making monetary demands:

  • Keep your operating system & installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.

  • Do not download or open files attached to unsolicited emails.

  • Use a Windows user account that has limited privileges (unable to install software).

  • Remain vigilant when surfing the internet and always use a URL expander to check the destination URL for shortened links before following them.


[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, December 21, 2012

Buy of the Week: 13.3” Apple Macbook Pro for $1,170!

13.3” Apple Macbook ProMacBook Pro features Intel's new third-generation Core architecture for a boost in processor and memory speeds. New next-generation graphics deliver performance levels that are up to 60 percent faster than before. And high-speed Thunderbolt I/O lets you transfer data at rates up to 10 GBps. The MacBook Pro is a great computer that just got even greater.

Until December 28th, 2012, you can order a 13.3” Apple Macbook Pro from Hyphenet for only $1,170, plus shipping!

Specifications for 13.3” Apple Macbook Pro

























































MFR# MD101LL/A
Display13.3 inch LED-backlit display
1280-by-800 resolution
ProcessorIntel Core i5 2.5 GHz
Storage500 GB HDD (5400 RPM)
RAM4 GB DDR3
Optical DriveDVD-Writer DL
GraphicsIntel HD Graphics 4000
Networking802.11n, Bluetooth 4.0,
Gigabit Ethernet
Battery Run TimeUp to 7 hours
Dimensions (WxDxH)12.8 in x 8.9 in x 0.9 in
Weight4.5 lbs
Operating SystemOS X 10.8 Mountain Lion
Warranty1-Year Apple Warranty

Call (619) 325-0990 to order a 13.3” Apple Macbook Pro today!


Buy of the Week offer valid through December 28th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

'Change Your Facebook Color' Scam Tricks Users into Downloading Malicious Chrome Extension

Facebook RedCybercriminals are doing all they can to take advantage of Facebook users that [for whatever reason] want to change the site’s theme color.

Dozens of internet scams have popped up in the past, promising to give Facebook users the ability to change Facebook’s signature blue to another color, such as pink or black. Most of these offers turned out to be nothing more than a survey scam, but there were some that were just a way for the scammer to take over the victim’s Facebook account.

The goal of the latest version of the Facebook color-changing scam, however, is to get users to download a malicious Chrome extension.

Potential victims are first exposed to this scam after receiving a Facebook event advertising a Tumblr page, titled ‘My Friends Can Change The Facebook Color’ that will redirect them to another site offering the rogue Chrome extension.

[gallery columns="2" link="file" ids="8221,8222"]

Screenshot Credits: Webroot


Once installed on the victim’s browser, the extension runs a script that will keep the scam going by:

  • creating a new Tumblr page that redirects to the page promoting the Chrome extension

  • creating a new Facebook event promoting the offer & directing users to the freshly-created Tumblr page

  • inviting all of the victim’s friends to the event


As Webroot researchers have pointed out, the real danger lies within the fact that the rogue Chrome extension will have access to all of your data on all websites along with access to your tabs and browsing history.  That’s a lot of information you don’t want in the hands of a scammer.

Honestly, changing the Facebook website colors isn’t important enough to risk having sensitive information stolen – or having your account taken over by an attacker (if that’s the goal of the scam).

Did You Fall for this Scam?


If you've already fell for this scam, it is recommended that you:

  • Delete the Facebook event.

  • Remove the Chrome extension from your browser

    • Click the Chrome 'Menu' button

    • Select Tools

    • Select Extensions

    • Click the Trash icon next to the extension

    • Click 'Remove' in the confirmation dialog



  • Warn your Facebook friends about this scam & advise fellow victims to follow these same steps.


Make sure you steer clear of any offers to change Facebook theme colors in the future!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Thursday, December 20, 2012

SpamSoldier Android Trojan Spreading via SMS Spam

Android MalwareAndroid users that go against their better judgment & download apps advertised in unsolicited text messages run the risk of infecting their smartphone with mobile malware packing botnet capabilities.

The SpamSoldier Trojan is spread through SMS spam offering users to download a free version of popular paid apps such as The Need for Speed Most Wanted, Grand Theft Auto 3 and Max Payne HD.

Given that the apps are downloading outside of the Google Play store, victims are instructed to first change their security settings to allow apps from “Unknown Sources” be installed on their phone. At that point the target can download the game Trojan and accept the permissions to complete the installation process.

Upon a successful infection, SpamSoldier will connect to it’s command & control server (C&C) to retrieve a list of 50-100 phone numbers along with the SMS message to spam them with. SpamSolider will keep in contact with it's C&C to send progress reports and retrieve a new list once the previous one has been exhausted. (Hopefully the victim has unlimited text messaging on their plan, otherwise they could be looking at an expensive phone bill!)

In addition to pumping out SMS spam offering malicious downloads, SpamSoldier also attempts to trick unsuspecting folks into handing over personal information by offering free gift cards. Here are a few of the SMS spam messages that SpamSoldier has been known to send:

  • Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted].com

  • Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted].mobi for next 24hrs only!

  • You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!


The domains associated with SpamSoldier are prone to change, but they are typically .mobi top-level domains.

What to Do If You Receive SMS Spam


If you do happen to receive text message spam, Cloudmark suggests that you

  • Do not reply to the text message.

  • Forward the text message to 7726 (S-P-A-M on your keypad).


Don’t bother replying with ‘STOP’ as that will only work if it’s coming from a legitimate commercial contact.

Tips to Keep Your Android Smartphone Safe


Keeping your Android smartphone isn’t terribly difficult; after all, user-interaction is required for SpamSoldier to take hold of your device. That being said, all you really have to do to keep your Android phone safe from this threat is to:

  • Avoid clicking on links or downloading apps advertised in unsolicited text messages.

  • Stick to official or reputable app stores such as Google Play or Amazon’s App Store for Android to download and install apps.


[via Cloudmark]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, December 18, 2012

SMS Spam Claims You Won $100 Starbucks Gift Card

Starbucks logoIf you thought there was something phishy about that unsolicited text message claiming that you won a $100 Starbucks gift card, give yourself a pat on the back for being right.

Scammers are spamming out the following text message, hoping caffeine lovers will bite the bait and hand over personal details to redeem their “prize” -

SMS Spam Text



Your recent entry has won. Claim your $100 Starbucks Gift Card here hxxp://buxcrd.com

Following the link will take you to the page seen below on buxcred.com, a domain that's clearly not related to Starbucks:

SMS Spam: $100 Starbucks Gift Card Landing Page


Clicking “continue” will redirect you to another site, starbucks.freegiftcardworld.com that asks for your email address:

SMS Spam: $100 Starbucks Gift Card  - Give your email


Hopefully you noticed the fine print on this page, because it clearly states that you will have to meet some “eligibility requirements” to claim this $100 Starbucks gift card that you supposedly won. The one requirement that should convince you to stop here is #4, which states:

4) Eligible members can receive the incentive gift package by completing two reward offers from each of the Silver and Gold reward offer page options and nine reward offers from the Platinum reward offer page options and refer 3 friends to do the same. Various types of reward offers are available. Completion of reward offers most often requires a purchase or filing a credit application and being accepted for a financial product such as a credit card or consumer loan.

Hmmm... doesn’t seem like anything was “won” here at all.

If you’re still not convinced, the next page will ask for your personal information – full name, address, date of birth & cellphone number – and a series of random yes/no questions like, ‘Are you interested in going back to school’ and ‘Do you have $10k or more in credit card debt?’ Those seem totally related to the giveaway, right? (/sarcasm)

SMS Spam: $100 Starbucks Gift Card  - Give all of your personal information


SMS Spam: $100 Starbucks Gift Card - Get a free cellphone
(Sidenote: Think twice about giving out your mobile cellphone number as scammers have been known to sign victims up for expensive SMS services.)

Filling out this page and clicking ‘Continue’ will take you to Step 3, which offers a new Cell Phone. Folks that cannot resist clicking on that offer will see a popup window with nothing more than an advertisement.

SMS Spam: $100 Starbucks Gift Card - Free cellphone links to adsClosing the window will reveal a blank screen, which is also the same result you get if you click the barely noticeable ‘No thanks’ button on step 3.

That’s the end of this rabbit hole.

What to Do If You Receive SMS Spam


If this text message lands in your SMS inbox, it is recommended that you:

  • Do not click on the link.

  • Do not supply any personal information.

  • Report the message by forwarding it 7726 (stands for S-P-A-M). You may get an automated reply asking for the sender number.

  • Delete the text message.


Additionally, you can check with your cellphone service provider to see what measures can be taken to stop future SMS spam. Just keep in mind that it’s likely future text message spam will come from a different number.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Ransomware Variant Wants You to Take Surveys to "Unlock" Your PC

Warning!Typically when ransomware takes hold of a computer, it prevents users from accessing their files and demands a couple hundred dollars to regain access.

It seems as though cybercriminals are shaking things up a bit, as GFI Labs researchers recently discovered a new ransomware variant that locks users out of their systems & demands that they complete (an unknown number of) online surveys to unlock it.

Although the researchers didn’t disclose where the ransomware sample came from, they did warn that the threat comes disguised as a filed named “svchost.exe,” although there’s no telling why a user would willingly execute said file.

Either way, should a user make the mistake of running it, they will be locked out of their desktop and presented with the following popup window:

Ransomware Demands You Take SurveysScreenshot Credit: GFI Labs



Unlock this Page to Continue!

This page will immediately unlock and restore normal access upon your participation in an offer below. Please use valid information!

Completions      Reload Offers    My History

Your desktop was locked. Complete an offer below to unlock your desktop!

Your desktop was locked. Complete an offer below to unlock your desktop!

Mystery Shoppers Needed! Earn a £100 ASDA Voucher!
Win a brand new iPhone 4S! Choose Your Colour!
Chance to WIN a £500 Amazon Voucher!
Testers Needed for the iPhone 5!
Win an Apple Macbook Pro + iPhone 4s or iMac + the new iPad!
WIN an iPhone 5 or iPad 3!

Complete an offer to continue »

Fortunately, users don’t have to adhere to the demands of the ransomware or take their PC in for servicing to escape the evil clutches of this particular ransomware. All they have to do is hit Ctrl + Alt + Del and end the mysterious “Locker” process in Task Manager and voila! You can go about your business, which hopefully involves running a full system scan using your antivirus software to remove the infection.

GFI’s security solution, VIPRE Antivirus detects the malicious files associated with this threat as Trojan.Win32.Generic!BT; however, as the name implies, this name covers a wide variety of malicious apps so other antivirus programs may detect it under a different name.

Of course, the best way to deal with ransomware – or any other malware for that matter – is to do all you can to prevent your system from getting infected in the first place. With that, here are some tips to help keep your PC safe:

  • Do not click on links or download files attached to unsolicited emails.

  • Exercise caution when following suspicious links or shortened URLs (always use a URL expander to check the destination URL first).

  • Keep your operating system and third-party software fully patched and up-to-date.

  • Always run antivirus/anti-malware software, keep the virus definitions current and scan your system on a regular basis.

  • Use a Windows user account that has limited privileges (unable to install software).


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Citibank Spam Luring Users into Drive-by-Download Attacks

CitibankLook before you click; that email notifying you that your next Citibank credit card statement is ready could be a trap.

Cybercriminals have been shelling out Citibank spam in an attempt to direct users to malicious sites hosting the Blackhole exploit kit.

The spammers took the time to make sure that the emails, titled “Your Citi Credit Card statement is ready to view online” appear as if they really came from Citibank, and there’s a good chance the recipient will want to follow the ‘View Statement’ link once they see the negative card balance and large payment allegedly due on January 1st.

Here’s the email you will want to look out for:

"Your Citi Credit Card statement is ready to view onlnie" spam

Screenshot Credit: Softpedia



Subject: Your Citi Credit Card statement is ready to view online

Your Account Important Notification
Your Citi Credit Card statement is ready to view online

» View Statement

Dear customer,

Your Citi Credit Card statement is now available for you to view online. Here are some key pieces of information from your statement.

Statement Date: December 13th, 2012
Statement Balance: -$4,476.63
Minimum Payment Date: $662.00
Payment Due Date: Tue, January 01, 2013

Want help remembering your payment due date? Sign up for automated alerts such as Payment Due reminders with Alerting Service.

To set up alerts sign on www.citicards.com and go to Account Profile.

I prefer not to have this email contain specific information from my statement. Please send me just the announcement that my statement is ready to view online.

View Your Account | Pay Your Bill | Contact Us

One thing interesting about this attack is that there are different outcomes depending on which web browser you are using.

If you visit the site using Chrome, you will be prompted to download a malicious Chrome update. Visitors using any other browser run the risk of having malware silently installed on their system thanks to whatever Adobe Flash or Java vulnerability that the Blackhole exploit pack manages to take advantage of.

The difference in attack methods stems from the fact that Chrome doesn’t use Adobe Reader to open PDF files & asks for permission to run Java applets. Blackhole often relies on Adobe Reader & Java vulnerabilities to conduct drive-by-download attacks.

How to Protect Your PC


Here are some simple steps you can take to avoid falling for this phishing scam:

  • Always mouseover links within unsolicited emails to check the destination URL before clicking on them.

  • Keep your operating system, web browser and any other installed third-party software to help thwart drive-by-download attacks.

  • Always run antivirus software and keep the virus definitions current.

  • Consider disabling or removing Java if you do not use it.


Report Phishing Emails


If you do receive a suspicious email from Citibank, you can report it by forwarding it to spoof@citicorp.com.

[via Softpedia]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Monday, December 17, 2012

Phishing Page Offers Fake Security App to Facebook Users

Would you believe an app that promised to protect your Facebook account from being hacked?

Facebook Security App Phishing PageSymantec researchers recently found that cybercriminals had set up a phishing site offering a Facebook app that allegedly protects your account from hackers. The irony in this scam, of course, is not only the fact that it sets user accounts up for hijacking, but the fact that it’s so poorly carried out.

While the scammers did put effort into spoofing the Facebook site design, the phishing page is hosted on a free web-hosting site and for some reason has an image of a fake Facebook stock certificate at the bottom of it.

To install the app, users must provide their Facebook login information and then enter a confirmation code, which researchers found is always “7710.” After entering the requested information, users will see a confirmation page that thanks them for “using this service” and states that their Facebook account will be secure in 24 hours.

That should be plenty of time for the scammer to login and take over their Facebook account.

Protecting Your Facebook Account


If security is a concern, users can keep their Facebook account safe from hackers by following these safety tips:

  • Use a unique, strong password for their account. (Don’t share your password either!)

  • Enable secure browsing (https) on their Facebook profile. (Why?)

  • Enable login notifications, text message notifications & login approvals under Facebook’s security settings.

  • Use Facebook’s App Center to find and install Facebook apps.

  • Always check the URL before entering Facebook login credentials.

  • Exercise caution when checking email (no clicking links or downloading files attached to unsolicited emails) and surfing the web.

  • Keep your operating system & antivirus current to minimize the chances of malware infecting your machine.


[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Thursday, December 13, 2012

Buy of the Week: 8.9” HP Slate 2 Tablet for $577

HP SlateThe HP Slate 2: the right business touch! The HP Slate 2 tablet PC is ideal for people with jobs that frequently take them away from a traditional desk, yet need to remain productive in a familiar Windows environment.

The HP Slate 2 is also intended for those who use custom applications that must operate in a Windows environment. The HP Slate 2 combines an 8.9" diagonal tablet with Intel processor capabilities and wireless functionality from Wi-Fi Certified WLAN.

Until December 21st, 2012, you can order a 8.9” HP Slate 2 Tablet from Hyphenet for only $577, plus shipping!

Specifications for 8.9” HP Slate 2 Tablet

























































MFR# B2A29UT#ABA
Display8.9" LED backlight
1024 x 600 (133 ppi) Multi-Touch
ProcessorIntel Atom Z670 1.5 GHz
Storage32 GB
RAM2 GB
Wireless Connectivity802.11 a/b/g/n,
Bluetooth 4.0 HS
Camera3 Megapixel rear + VGA front
Supported Flash Memory CardsSD Memory Card,
SDHC Memory Card,
SDXC Memory Card
Battery Run TimeUp to 7.5 hours
Dimensions (WxDxH)9.2 in x 0.6 in x 5.9 in
Weight1.5 lbs
Operating SystemMicrosoft Windows 7 Home Premium (32-bit)
Warranty1-Year HP Warranty

Call (619) 325-0990 to order a 8.9” HP Slate 2 Tablet today!


Buy of the Week offer valid through December21st, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Hackers Use Exploit Tool to Compromise Joomla and WordPress Websites

Joomla & WordPressThe Internet Storm Center is advising Joomla & WordPress website administrators to keep their CMS installations up-to-date as cybercriminals are attacking sites using a tool “that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits.”

“Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website).”  John Bambenek wrote on the ICS blog.

Malicious iframes are injected into compromised websites, putting site visitors at risk of having fake antivirus software installed on their machine.

For the uninitiated, fake antivirus allows the attackers to generate revenue by pretending to scan the affected system & produce a list of non-existent malware infections that it offers to remove for a fee.

The domains loaded in the injected iFrames change frequently, but they typically end in "/nightend.cgi?8". Two IP addresses identified to be frequent offenders in this attack are 78.157.192.72 and 108.174.52.38.

That being said, if you have a website running on WordPress or Joomla, it is strongly recommended that you upgrade to the latest version and do your best to keep your CMS current. You may also want to search the web for tips on how to improve website security & minimize the chances of an attacker successfully breaking into your site.

If your site has already been hit, these sites offer instructions on how to clean up the mess:

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, December 12, 2012

Internet Explorer Vulnerability Lets Attackers Keep Tabs on Mouse Movement

Internet ExplorerIt may be in your best interest to avoid using virtual keyboards or keypads if you use Internet Explorer.

Web analytics firm, Spider.io discovered a security flaw within Microsoft’s Internet Explorer that can result in cursor movement being tracked as long as the browser window is open.

No software has to be downloaded or executed by the end-user, and it doesn’t matter if the browser window is minimized, unfocused or inactive. All the attacker has to do is buy an advertisement slot on a webpage that you happen to visit using good ol’ IE. As long as you keep that page open, your mouse can be tracked across your entire display – not just within the confines of Internet Explorer.

So what’s the problem?

This vulnerability opens up the possibility of collecting data keyed into virtual keyboards and keypads, which are sometimes used to reduce the chances of keystrokes being captured via keylogging software.

A video demonstration of the vulnerability is available, and you can try the exploit out for yourself by visiting this link using Internet Explorer: http://iedataleak.spider.io/demo

Spider.io disclosed the vulnerability to Microsoft back on October 1st, 2012. Microsoft confirmed the bug, but didn’t seem all that interested in fixing it. Spider.io then released the details of the exploit to the public in hopes of spreading user awareness and getting Microsoft to releasing a fix. At least two [unnamed] ad analytics companies are said to be exploiting the bug to their advantage, so let's hope Microsoft addresses the vulnerability before the bad guys start using it too.

[via Spider.io]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, December 11, 2012

Necurs Trojan Distributed via Drive-by-Download Attacks

Trojan HorseUsers that don’t follow the best computer security practices run the risk of having their PC infected by a variant of Trojan:Win32/Necurs (“Necurs”), warn Microsoft security researchers.

Over 83,427 unique computers were reported to be infected by variants of the Necurs Trojan in November. The large number of infections is likely due to the fact that the Trojan is silently installed on computers via drive-by-download attacks whenever end-users visit a malicious site housing an exploit kit, such as widely-used Blackhole exploit pack.

Once installed on a computer, the Necurs Trojan will modify registry keys to ensure it starts whenever the system is booted, download components that will prevent a variety of legitimate antivirus solutions from functioning properly, download additional malware including rogue security software, open a backdoor to give attackers remote access to the system, and more.

Keeping Your PC Safe from Trojan:Win32/Necurs


To minimize the chances of infection, Microsoft recommends that users:

  • Keep their operating system fully patched and up-to-date to close security holes that may be exploited in drive-by-download attacks.

  • Use antivirus and always keep the virus definitions current. (Microsoft, ESET & Kaspersky all offer antivirus capable of detecting, blocking and/or removing this threat.)

  • Exercise caution when following shortened URLs or clicking links within emails.

  • Do not download or open files attached to suspicious emails.

  • Enable a firewall on your computer.

  • Use a Windows account with limited user privileges.


Removing Trojan:Win32/Necurs


If you suspect that your system may have been compromised by the Necurs Trojan, run a full system scan using an up-to-date antivirus. The following vendors are known to offer security solutions capable of detecting & removing this threat:

  • Microsoft (detected as Trojan:Win32/Necurs)

  • ESET (detected as Win32/TojanDownloader.Necurs.B)

  • Kaspersky (detected as Trojan-Dropper.Win32.Necurs.va)


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Monday, December 10, 2012

Rimecud Trojan Poses as TrendMicro Antivirus

Threat of TrojanIf you’re going to download antivirus software, make sure it’s from a reputable vendor’s website and not some random website you landed on after clicking a link within a solicited email.

TrendMicro researchers have come across a Trojan masquerading as “TrendMicro Antivirus Plus AntiSpyware” in order to trick users into downloading and executing it on their computer. Legitimate TrendMicro security products detect this threat as TROJ_RIMECUD.AJL ("Rimecud").

Trojan posing as TrendMicro Antivirus Screenshot Credit: TrendMicro


Once executed, Rimecud will create a process, svchost.exe and ultimately download a bitcoin-mining application created by Ufasoft. The bitcoin-mining application, detected by TrendMicro as HKTL_BITCOINMINE, will generate profit for the attackers by using the infected machine’s processing power to create bitcoins.

Although there have been previous malware attacks that transform affected machines into bitcoin miners, TrendMicro researchers warn that we'll likely see more of them since Bitcoin Central recently scored approval to operate as a bank, making it possible to convert euros to bitcoins and vice-versa.

To avoid having your system turned into a bitcoin-making machine, it is recommended that you:

  • Exercise caution when following online ads, shortened urls, or when visiting unknown websites.

  • Only download applications from reputable vendor websites.

  • Always keep your operating system & installed software patched & up-to-date.

  • Always run antivirus software & keep the virus definitions current.


If you suspect your system has been infected by TROJ_RIMECUD.AJL, perform a full system scan using antivirus provided by TrendMicro, McAfee or Microsoft.

[via TrendMicro]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, December 7, 2012

Buy of the Week: Cisco WAP321 Wireless-N Selectable-Band Access Point with PoE for $198

Cisco WAP321 Access PointThe Cisco WAP321 is a sleek, high-performance, and easy to deploy selectable band Wireless-N access point that delivers fast, reliable wireless connectivity and allows small businesses to easily expand their wired networks.

Until December 14th, 2012, you can order a Cisco WAP321 Wireless-N Selectable-Band Access Point with PoE from Hyphenet for only $198, plus shipping!

Specifications for Cisco WAP321





























































MFR# WAP321-A-K9
Device TypeWireless access point
Enclosure TypeExternal
Connectivity TechnologyWireless
Data Transfer Rate300 Mbps
Data Link ProtocolIEEE 802.11b,
IEEE 802.11g,
IEEE 802.11n
Network / Transport ProtocolDHCP, Bonjour
Remote Management ProtocolTelnet,
SNMP 3,
HTTP,
HTTPS,
SSH
Frequency Band2.4 GHz,
5 GHz
Encryption AlgorithmWPA, WPA2
Authentication MethodRADIUS,
Radio Service Set ID (SSID)
Compliant StandardsIEEE 802.3,
IEEE 802.3u,
IEEE 802.1Q,
IEEE 802.11b,
IEEE 802.3af,
IEEE 802.11d,
IEEE 802.11g,
IEEE 802.1x,
IEEE 802.11i,
IEEE 802.11e,
IEEE 802.11n,
Wi-Fi Protected Setup
Power Over Ethernet (PoE) Yes
WarrantyCisco Limited Lifetime Warranty

Call (619) 325-0990 to order a Cisco WAP321 Wireless-N Selectable-Band Access Point with PoE today!


Buy of the Week offer valid through December 14th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Thursday, December 6, 2012

Bogus RapidFax Emails Used to Spread Trojan

RapidFaxProceed with caution if a RapidFax fax alert arrives in your email inbox.

RapidFax allows users to send faxes online without using a fax machine, & cybercriminals are sending out bogus emails claiming that a new inbound fax has been received via RapidFax to try & trick recipients into downloading the malicious file attached to the email.

The spam emails typically use one of three titles: “Inbound Fax”, “RapidFax: Inbound Fax”, “RapidFax: New Inbound Fax” and have spoofed headers that make it appear as if it were sent from reports@rapidfax.com.

The email body contains fake information related to the non-existent fax message received, and a file named rapidfax-E4C935577EDD.zip is attached to the email.

Example email:

RapidFax SpamScrenshot Credit: MX Labs



From: RapidFax (reports@rapidfax.com)
Subject: Inbound Fax

A fax has been received.

MCFID = 44558583
Time Received = Tue, 04 Dec 2012 13:18:49 -0400
Fax Number = 0541235410
ANI = 2804453004
Number of Pages = 20
CSID = 70060312745
Fax Status Code = Successful

Please do not reply to this email.

RapidFAX Customer Service
www.rapidfax.com

© 2012 J2 Global, Inc. All rights reserved. RapidFAX is a registered trademark.

Inside the zip archive is RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe, a malicious file sporting a rather long name in an attempt to hide the fact that is an executable file. That file is actually a Trojan that Microsoft identifies as PWS:Win32/Fareit.

Once installed on your computer, PWS:Win32/Fareit will keep busy by stealing login credentials stored in your web browser and FTP clients, and relay the data back to a remote server. Beyond that, PWS:Win32/Fareit has also been known to download and install the ZeuS banking Trojan onto the affected system.

Protecting Your PC from PWS:Win32/Fareit


Here are some preventative measures users can take to protect their PC from this threat:

  • Do not download or open files attached to unsolicited emails.

  • Always run antivirus software & keep the virus definitions current.

  • Keep your operating system & installed third-party software fully patched & up-to-date.


Removing PWS/Win32/Fareit From Your System


If you believe that your system has been infected by the Fareit Trojan, perform a full system scan using an antivirus solution to detect & remove the infection. The following vendors offer security solutions capable of detecting this threat, among others:

  • F-Secure [detected as Trojan-PSW:W32/Agent.DUHK]

  • Kaspersky [detected as Trojan-PSW.Win32.Tepfer.cqaj]

  • ESET [detected as Win32/Kryptik.APZB variant]

  • Malwarebytes [detected as Trojan.Lameshield]

  • McAfee [detected as Generic PWS.o]

  • Microsoft [detected as PWS:Win32/Fareit]

  • Sophos [detected as Troj/Zbot-DDW]

  • Symantec [detected as W32.Qakbot]

  • TrendMicro [detected as BKDR_PTF.AAA]


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Spam Contributing to Increase of W32.Changeup Infections

PC TrojanFraudulent spam messages purporting to be from financial institutions are one of the driving forces behind the recent uptick in W32.Changeup infections, report Symantec researchers.

In the spam message, users are instructed to download and open a file, securedoc.html.zip that’s attached to the email as it allegedly contains a secure message from their bank. In reality, that file contains a malicious executable file (.exe) that Symantec identifies as Downloader.Ponik.

Here is an example message that users should look out for:

Spam Spreading W32.Changeup WormScreenshot Credit: Symantec



Subject: You have received a secure message

You have received a secure message

Read you secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions about e-mail encryption service, please contact technical support at 888.764.[REMOVED].

First time users – will need to register after opening the attachment.
Help – https://[REMOVED]/websafe/help?topic=RegEnvelope
About [REMOVED] Encryption – https://[REMOVED]/websafe/about

Should a user make the mistake of downloading and executing the file, they will be opening their system to a variety of malware infections. Downloader.Ponik kicks things off by connecting to a remote host to download the Gameover variant of the infamous ZeuS Trojan. Gameover download & installs W32.Changeup, Changeup then downloads additional threats, and so forth.

In addition to downloading malware, W32.Changeup is known for its ability to spread via removable and mapped drives by taking advantage of the Windows AutoRun feature. See Symantec’s write-up of W32.Changeup for more information.

Keeping Your PC Safe


Here are some tips to keep your computer safe from the Changeup worm:

  • Do not download or install files attached to unsolicited emails. This is one of the most common infection methods used, and most companies do not send emails with file attachments.

  • Always run antivirus software and keep the virus definitions current.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Scan removable drives before transferring or opening any files stored on them.

  • Disable the AutoRun feature on your PC. (Instructions)


Is Your Computer Infected?


If you suspect that W32.Changeup has already made its way onto your system, you can run a full system scan using an antivirus solution capable of detecting the threat. The Changeup worm has been around for a few years now, so you have plenty of vendors to choose from:

  • ESET [detected as Win32/VBObfus.GH]

  • F-Secure [detected as Gen:Variant.Symmi.6831]

  • Kaspersky[detected as Worm.Win32.VBNA.b]

  • McAfee [detected as W32/Autorun.worm.aaeh]

  • Microsoft [detected as Win32/Vobfus.MD]

  • Panda [detected as Trj/CI.A ]

  • Sophos [detected as W32/VBNA-X]

  • TrendMicro [detected as WORM_VOBFUS]


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, December 5, 2012

5 Most Dangerous Malware Trends of 2013 [INFOGRAPHIC]

What malware threats do we have to look forward in 2013?

Trusteer researchers warn that we’ll start seeing more MitB malware attacks targeting Google Chrome, malware capable of hooking into native 64-bit processes, new financial malware threats and shorter malware lifecycles.

The infographic below explains the dangers associated with these emerging threats:

5 Dangerous Trends of 2013

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, December 4, 2012

Researchers Discover New Backdoor Trojan Targeting Mac Users

Mac OS X TrojanResearchers have discovered a new backdoor Trojan targeting Mac users, which many antivirus vendors are referring to as OSX/Dockster.A.

Dockster is said to be a basic backdoor Trojan that’s capable of capturing keystrokes, downloading arbitrary files and providing an attacker remote access to the system.

According to Intego, upon infection, Dockster will remove itself from the location it was ran and install in the user’s home directory under the filename .Dockset. This file cannot be seen when using Finder, but you will be able to see it using OS X’s Activity Monitor when it's running.

Once it is all settled in on your Mac, Dockster will phone home to itsec.eicp.net for instructions.

Dockster is actively being served in-the-wild, but is considered a low-risk since it is not widespread and has only been seen on gyalwarinpoche.com, a website dedicated to the Dalai Lama that was compromised to drop the Trojan on visiting computers.

The exploit code used in the attack leverages the same Java vulnerability (CVE-2012-0507) that was used to infect machines with the Flashback & Sabpab Trojans earlier this year. (On a side note, F-Secure warns that this site is rigged with another Java exploit, CVE-2012-4681 to drop Trojan.Agent.AXMO on computers running Windows as well.)

Protecting Your Mac from OSX/Dockster.A


Here are some tips to keep your Mac safe from this threat:

  • Keep your operating system fully patched & up-to-date, as Apple has previously released updates to deal with Java-based threats.

  • Either toggle Java browser plugins as they’re needed or remove Java from your system if you don’t use it.

  • Always run antivirus software on your system. It’s better to be safe than sorry!


Think Your System Has Been Infected?


Thankfully there are a few antivirus programs capable of detecting & removing this threat, so take your pick:

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Monday, December 3, 2012

FedEx Spam Delivers Zortob.B Trojan at Your Virtual Doorstep

FedExThere’s a fresh batch of FedEx spam going out, loaded with a malicious link that will attempt to drop malware posing as a postal receipt onto your computer.

The email may carry the FedEx logo and a fairly clean layout; however, the subject line & sender details should serve as a red flag that something is amiss. Here’s the email:

FedEx Spam



Subject: Tracking Detail (170)10-170-170-6365-6365
From: Priority Shipping Service (user.p[at]seattle.com)

FedEx

Order:  HD-5468-483254683
Order Date: Tuesday, 26 November 2012, 10:17 AM

Dear Customer,

Your parcel has arrived at the post office at November 28. Our postrider was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this postal receipt.

GET POSTAL RECEIPT

Best Regards, The FedEx Team.

The hyperlink included in the email doesn’t point to fedex.com, but a third-party site that will automatically download the file, Postal-Receipt.zip onto your computer.

To no surprise, Postal-Receipt.zip doesn’t contain your postal receipt, but malware identified by ESET Endpoint Antivirus as Win32/TrojanDownloader.Zortob.B (which I refer to simply as “Zortob.B”).

Zortob.B (aka Win32/Kuluoz!zip to Microsoft) is often attached to  fraudulent delivery notices like the one shown above, and should it successfully infect your machine, will attempt to steal login credentials & files from your computer.

Protect Your PC from the Zortob.B Trojan


Since Zortob.B is often delivered via malicious spam, it is strongly recommended that you:

  • Avoid downloading files or clicking links attached to unsolicited emails.

  • Always run antivirus software that offers real-time scanning.

  • Use your computer under a user account with limited privileges.

  • Keep your operating system and installed software fully patched & up-to-date.


Removing a Zortob.B Infection


If you suspect that your system may have been infected with the Zortob.B Trojan, it is recommended that you run a full system scan with an up-to-date antivirus solution. We recommend using antivirus products offered by one of the following vendors as they are known to be capable of detecting this threat:

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

IC3: Reveton Ransomware Now Impersonating Us, Don't Fall For It

Internet Crime Complaint Center (IC3)There’s a new Reveton ransomware variant in circulation, and it’s using the Internet Crime Complaint Center (IC3) brand and reputation to extort money out of its victims.

In the past, Reveton has impersonated the FBI, Interpol, and the Metropolitan Police, so it’s not that big of a surprise that it added IC3 to the list. The Internet Crime Complaint Center, as its name implies, handles complaints tied to cybercrime such as hacking, online extortion, identity theft, etc.

Reveton typically makes its way onto computers via drive-by-downloads, or is downloaded by other malware already on the system (the Citadel Trojan is known to download Reveton). Upon infection, Reveton will freeze the system and present the user with a message accusing them of breaking U.S. federal law by accessing child pornography or other equally disturbing content.

According to the warning message, in order to avoid prosecution by IC3 and regain access to their files, users must submit payment via MoneyPak or UKash within 72 hours.

It's important that users understand that this message is NOT a legitimate warning from the IC3, and users should NOT submit payment.

Here’s a screenshot of the message displayed by the new variant:

Reveton IC3 Message



THREAT OF PROSECUTION REMINDER

You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article I, Section 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

You have been viewing or distributing prohibited Pornographic content (Child port, Zoofilia, etc.) this violating article 202 of the Criminal Code of the United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.

Pursuant to the amendment to the Criminal Code of the United States of America of May 28, 2011, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.

Fees may only be paid within 72 hours after the infringement. AS soon as 72 elapse, the possibility to pay the fine expires, and a criminal case is initiated.

If you see this page, do NOT send payment!

Keep Your PC Reveton-Free



  • Keep your operating system and installed third-party software, especially Adobe Flash, Adobe Acrobat & Java, fully patched & up-to-date.

  • Do not download files or click links attached to emails from unknown or untrusted sources.

  • Always run antivirus & anti-malware software.


Did Your PC Get Infected by Reveton?


If Reveton has already snuck its way onto your PC, then here are some tools that may help remove the infection:

[via IC3]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+