Friday, March 29, 2013

Tibetan Activists Targeted by Phishing Attack Toting Android Trojan

Phishing attacks targeting Tibetan activists aren’t anything new, and there have been a variety of malware spam campaigns affecting both Windows and OS X systems in recent months.

It appears as though the dangers have spilled over into the mobile world, however, as Kaspersky Lab recently spotted a new spam campaign spreading malicious APKs – or Android applications.

Researchers say that the perpetrators hacked into the email account of a “high-profile Tibetan activist” and used it to fire off spam messages like the one below to other activists:

Subject: WUC’s Conference in Geneva

22 March 2013 World Uyghur Congress

In what was an unprecedented coming-together of leading Uyghur, Mongolian, Tibetan and Chinese activists, as well as other leading international experts, we were greatly humbled by the great enthusiasm, contribution and desire from all in attendance to make this occasion something meaningful, the outcome of which produced some concrete, action-oriented solutions to our shared grievances. The attachment is a letter on behalf of WUC, UNPO and STP.

Attached to the email is an APK file, WUC’s Conference.apk that, when installed on the recipient’s Android device, will populate an app named “Conference” in the app drawer.

When launched, the app displays text to the end-user related to the upcoming event, and proceeds to connect to its command and control server in the background. At that point, the Trojan siphons the following data from the device and relays it back to its operators upon command:

  • Contacts (stored both on the phone and the SIM card).

  • Call logs.

  • SMS messages.

  • Geo-location.

  • Phone data (phone number, OS version, phone model, SDK version).


The C&C for the Trojan, which Kaspersky detects as Backdoor.AndroidOS.Chuli.a, has a Los Angeles, CA-based IP address, 64.78.161.133.

Researchers noted that the domain, DlmDocumentsExchange.com has previously been associated with that IP. The domain name was registered to a Chinese address on March 8th, and serves up a similar APK file with text discussing the disputed “Senkaku Islands / Diaoyudao Islands / Diaoyutai Islands” written in Chinese. That, plus the fact that the public-facing admin interface and server’s operating system are in Chinese, leads researchers to believe that the attackers are at least Chinese-speaking.

Either way, the attack would be unsuccessful without user-interaction, and can be easily avoided as a result.

As always, users are advised not to download or install Android applications distributed via email, SMS, or any untrusted sources, and always vet apps - even when downloaded from the Google Play store.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Buy of the Week: Dell Latitude 10 Tablet for $578

Latitude 10 is the tablet that's built for business with easy management and security, and a swappable battery for go-anywhere productivity.

Until April 5th, 2013, you can order a Dell Latitude 10 Tablet from Hyphenet for only $578 + shipping!

Specifications for Dell Latitude 10 Tablet

MFR# 469-3998
Product Type: Tablet
Display: 10.1" IPS TFT, WLED 1366 x 768 (Multi-Touch)
Processor: 1.8GHz Intel Atom Z2760 (Dual-Core)
Storage: 64 GB
RAM: 2 GB RAM
Supported Flash Memory Cards: SD Memory Card
Wireless Connectivity: Yes
Camera: 8 Megapixel rear, 2 Megapixel front
Features: USB host, HDMI Port
Dimensions (WxDxH): 10.8" x 7" x 0.4"
Weight: 22.9 oz
Operating System: Windows 8 Pro 32-bit Edition
Warranty: 1-year Dell Warranty

Call (619) 325-0990 to order a Dell Latitude 10 Tablet today!


Buy of the Week offer valid through April 5th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Trojan Poses as Flash Player 11 Update, Changes Browser Home Page

Be sure to refer to Adobe’s official website if you’re looking to update Flash Player to the latest version.

There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.

Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:

[Image: Fake Flash Player 11 installer]


While it's not entirely clear why two languages are used (Turkish/English), the agreement being displayed sans scrollbar makes sense, since there's a disclaimer at the bottom stating that your browser homepage will be changed to one of the following upon installation:

  • www.anasayfada.net

  • www.heydex.com


“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing,” Jonathan San Jose revealed on Microsoft’s TechNet Blog.

Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.

Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.

  • Only download Flash Updates from adobe.com, and not some random website.

  • Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).


Is Your Computer Infected?


To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:

  • Microsoft 

  • McAfee

  • AVG

  • Ikarus


Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.


Thursday, March 28, 2013

Malware Uses Evernote as Command & Control Server

TrendMicro researchers have recently stumbled upon a piece of malware that uses the popular note-taking service, Evernote, as its command and control server.

The malware, which TrendMicro detects as BKDR_VERNOT.A, is classified as a backdoor, and grants an attacker remote access to an infected system to do as they please.

“The sample we gathered consists of an executable file, which drops a .DLL file and injects it into a legitimate process,” Threat Response Engineer Nikko Tamana explained on the TrendMicro blog. “The said .DLL file performs the actual backdoor routines.”

Aside from downloading and executing additional files, those backdoor routines include collecting information about the infected system, such as the OS, timezone, user name, computer name, registered owner and organization.

TrendMicro researchers found that commands were retrieved from the notes saved in an Evernote account, which is also suspected to be the location where the stolen data is unloaded.

This is not the first time that malware authors have abused a legitimate service to relay information and evade detection. Twitter and Google Docs are two other services that have been used by malware in the past.

Keeping Your System Safe


BKDR_VERNOT.A is spread via drive-by-download and other malware, so users can minimize their chances of infection by:

  • Keeping their operating system and installed third-party software fully patched and up-to-date.

  • Running antivirus software with the latest virus definitions.

  • Exercising caution when following suspicious hyperlinks (even if they appear to be harmless image links).

  • Scanning email file attachments before downloading and/or opening them.



Tuesday, March 26, 2013

FireMe! Site Serves as a Reminder to Watch What You Say Online

Always think twice before posting your thoughts and/or feelings, especially when doing it in a public forum like Twitter or Facebook.

After all, you never know who’s reading, and there’s no telling when someone will create a website that will highlight your incriminating status updates.

Take the new FireMe! site:  it displays public tweets where users have badmouthed their boss or declared a general hatred for their job.

You know, the type of inappropriate comments that have actually gotten other people fired.

In fact, there are additional stories of people getting canned over their social network posts linked from the FireMe! ‘About’ page, which also clarifies that the website was only created to raise awareness about the dangers of public online data.

Users picked up by FireMe! will receive a link to their FireMeter! score, which is a percentage grading how likely they are to be fired based on the amount of job-related negativity in their last 100 tweets. Users were also provided three followup options:

  • Delete that compromising tweet!

  • Check my privacy settings on Twitter

  • I don’t care!


Considering this isn’t the first website to aggregate foot-in-mouth comments made on Twitter, it may be time to adjust your privacy settings – especially if you have a tendency to overshare or vent your frustrations online.


Friday, March 22, 2013

Buy of the Week: HP Officejet Pro X451dn for $452!


The next generation of printing is here.

With the HP Officejet Pro X451dn Printer, you can print professional-quality color up to twice the speed and half the cost per page of color lasers. Plus, get auto two-sided printing and a 500-sheet input tray, so you can load less and print more.

Until March 29th, 2013, you can order an HP Officejet Pro X451dn from Hyphenet for only $452 + shipping!

Specifications for HP Officejet Pro X451dn

MFR# CN459A#B1H
Product Type: Workgroup Printer - Inkjet - Color
Inkjet Technology: HP PageWide
Print Speed:
  Up to 55 ppm - Black Draft - (8.5" x 11")
  Up to 55 ppm - color Draft - (8.5" x 11")
  Up to 36 ppm - B/W (ISO/IEC 24734) - (8.5" x 11")
  Up to 36 ppm - Color (ISO/IEC 24734) - (8.5" x 11")
Max Resolution (B&W): 1200 x 1200 dpi
Max Resolution (Color): 2400 x 1200 dpi
Automatic Duplexer: Yes
Interface: USB 2.0, LAN, USB host
AirPrint Enabled: Yes
Total Media Capacity: 550 Sheets
Monthly Duty Cycle (Max): 50,000 pages
Networking: Network adapter
System Requirements: Linux, Windows XP SP3 or later, Windows Vista (32/64 bits), Microsoft Windows 7 (32/64 bits), Windows 8, OS X 10.6 Snow Leopard, OS X 10.7 Lion, OS X 10.8 Mountain Lion
Warranty: 1-year HP Warranty

Call (619) 325-0990 to order an HP Officejet Pro X451dn today!


Buy of the Week offer valid through March 29th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Thursday, March 21, 2013

Yontoo Trojan Installs Adware Browser Plugins to Inject Ads in Webpages

Russian antivirus vendor Dr. Web is warning OS X users about a new Trojan, detected as Trojan.Yontoo.1 (“Yontoo”), that installs adware browser plugins on whatever computer it manages to infect.

Users are often duped into downloading Yontoo after landing on a movie trailer page that prompts them to download and install a [missing] browser plugin, media player, video quality enhancement program or download accelerator.

When launched, Yontoo will display a dialog window  to the victim asking them to install a program called “Free Twit Tube” –

[Image: Yontoo prompts user to install Free Twit Tube]

However, Yontoo proceeds to download and install adware plugins for Safari, Chrome and Firefox instead.  As users surf the web, the plugins relay browsing data to a remote server, which then returns a file that enables the Trojan to inject ads (via third-party code) into webpages loaded in the affected browser.

So, for example, when a user visits apple.com on an infected machine, they may see something like this:

[Image: Yontoo Trojan injects ads into websites, like Apple.com]

While Dr. Web’s write-up focuses on the attack targeting OS X users, it is important to note that Windows users are also subject to Yontoo infections, although Symantec classifies Yontoo as a “potentially unwanted app” vs. Trojan (an app that claims to be one thing when it’s another).

Either way, the ol’ “missing plugin” bit is rather old, so don’t fall for it. Be careful what you install on your computer, and always read the installation dialogs.

Removing Yontoo from Your PC


If you’ve already been tagged by the Yontoo Trojan, you can perform a full system scan using one of the following antivirus programs to remove the infection:


Old "Is Human" WordPress Plugin Still on Cybercriminals' Hit List

Just because something isn’t readily available anymore doesn’t necessarily mean that someone isn’t out there searching for it.

Take the “Is Human” WordPress plugin, for example.

It’s no longer available for download, no longer supported by its developers, and yet cybercriminals are still scanning websites hoping that someone still has it installed.

Why? Because versions 1.4.2 and earlier suffer from a remote command execution vulnerability. Below is a write-up from the corresponding exploit-db entry:
The vulnerability exists in /is-human/engine.php.

It is possible to take control of the eval() function via the 'type' parameter, when the 'action' is set to log-reset. From here we can run our own code.

In order to avoid any errors we point the $is_hum->get_* array variable into $is_hum->get_ih and to close the execution without error we point it to php stored function error_log(). In between we may place our own php code and use the passthru() function to execute commands.

Execution running the linux whoami command:

http://server/wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options();passthru(whoami);error

We recently experienced attempts to exploit said vulnerability on our website, all of which failed because we don't use this plugin - not to mention they used the incorrect filepath. All attempts originated from the same (U.S.-based) IP address:
/blog/2013/02/01/hackers-still-scanning-for-vulnerable-timthumb-scripts/wp-content/plugins/is-human/engine.php?action=log-reset&error&eval(base64_decode(JHM9cGhwX3VuYW1lKCk7Cm
VjaG8g
Jzxicj4nLiRzOwoKZWNobyAnPGJyPic7CnBh
c3N0aHJ1KGlkKTsK))&type=ih_options()

The base64-decoded text is:
$s=php_uname();
echo '<br>'.$s;

echo '<br>';
passthru(id);

Obviously this post serves as a warning to anyone that may still have this plugin installed on their WordPress website. Cybercriminals will attempt to exploit any vulnerability – old or new – to cause mischief and mayhem.

WordPress is a popular CMS, and it’s important that anyone running it keeps the platform and any installed plugins up-to-date.
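
One way to spot these probes in a web server access log, added here as an example and not part of the original post: it flags any request for is-human/engine.php, notes whether action=log-reset and PHP call names appear in the query string, and decodes any base64_decode() argument so the payload can be read during triage. The log lines, IP addresses, post path and stand-in payload are constructed; the Apache-style log format is an assumption.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Constructed sample data: documentation-range IPs, a made-up post path and a
# harmless stand-in payload. The two probe shapes mirror the requests quoted above.
SAMPLE_PAYLOAD = "echo 'constructed-probe';"
_B64 = base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2013:10:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Mar/2013:10:00:05 +0000] "GET /blog/2013/02/01/some-post/'
    'wp-content/plugins/is-human/engine.php?action=log-reset&error&eval(base64_decode('
    + _B64 + '))&type=ih_options() HTTP/1.1" 404 312',
    '198.51.100.7 - - [21/Mar/2013:10:00:09 +0000] "GET /wp-content/plugins/is-human/'
    'engine.php?action=log-reset&type=ih_options();passthru(whoami);error HTTP/1.1" 200 0',
]

# client IP, request target and status code from an Apache-style log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
PLUGIN_SUFFIX = "/plugins/is-human/engine.php"
B64_CALL = re.compile(r'''base64_decode\(([A-Za-z0-9+/=\s'"]+)\)''', re.I)
PHP_CALL = re.compile(r"\b(eval|passthru|system|exec|shell_exec|base64_decode)\s*\(", re.I)


def decode_b64_args(query):
    """Decode every base64_decode(...) argument found in the query string."""
    decoded = []
    for match in B64_CALL.finditer(query):
        blob = re.sub(r"[\s'\"]", "", match.group(1))
        blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
            decoded.append(raw.decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            decoded.append("<undecodable>")
    return decoded


def inspect_line(line):
    """Return a finding dict for a probe of the plugin path, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    parts = urlsplit(target)
    # Match on the path suffix: the probes seen here arrived under a wrong prefix.
    if not unquote(parts.path).lower().endswith(PLUGIN_SUFFIX):
        return None
    query = unquote(parts.query)  # unquote (not unquote_plus) keeps '+' in base64
    return {
        "ip": ip,
        "status": int(status),
        "log_reset": "action=log-reset" in query.lower(),
        "php_calls": sorted({c.lower() for c in PHP_CALL.findall(query)}),
        "decoded": decode_b64_args(query),
        # A 2xx means something answered at that path, so the host needs a closer look.
        "responded_ok": status.startswith("2"),
    }


def scan(lines):
    return [finding for finding in map(inspect_line, lines) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
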


Tuesday, March 19, 2013

Watch Out for Mobile Adware Posing as Candy Crush Saga Apps

Think twice before you download apps that claim to offer cheats or guidance for the popular matching game, Candy Crush Saga.

TrendMicro warns that ill-willed developers have started cashing in on the game's popularity by creating fake Candy Crush apps containing the code for the Leadbolt & AirPush ad networks.

AirPush and Leadbolt have gained quite a poor reputation for their “aggressive marketing practices,” which include placing ads in the notification/status bar, placing ad-enabled search icons on your mobile desk, and collecting user information.

In fact, these ad networks (and a few others) have become such a nuisance that developers & mobile security app vendors have released apps capable of detecting their presence so users can determine which apps are displaying ads on their device (and need to be removed).

TrendMicro’s mobile security app detects the AirPush & Leadbolt ad networks as ANDROIDOS_AIRPUSH.HRXV and ANDROIDOS_LEADBLT.HRY, respectively.

How to Avoid Candy Crush Saga-Themed Adware


As a fan of Candy Crush Saga, I can tell you that a large part of the game relies on luck, so those “cheats” and guides won’t be of much use since the candies aren’t laid out in a specific pattern.  You’ll have to figure it out on your own.

Aside from that, you can gauge the safety of an app by:

  • Checking the number of downloads and the app’s rating.

  • Reading user reviews – usually users will spill the beans on what’s really going on with an app.

  • Doing a little homework on the developer – i.e. Google their name and make sure there aren’t any red flags in the results.

  • Reviewing the app permissions – sometimes the permissions can be hard to gauge (as some legitimate apps require odd permissions), but other times they can throw a big red flag. Either way, look them over and listen to your gut if something seems off.



Monday, March 18, 2013

Experian Spam Used to Spread Data-Stealing Trojan

Don’t open any files attached to emails purporting to be from Experian, claiming that a “key change” has been posted to “one of your three national credit reports.”

Spammers are pumping out Experian phishing emails in an attempt to infect as many computers as possible with malware.

Below is a copy of the email to watch out for:
From: Experian
Subject: IMPORTANT – A Key Change Has Been Posted

Experian

Membership ID #932823422

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian, Equifax, and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:

  • View detailed report by opening the attachment.

  • You will be prompted to open (view) the file or save (download) it to your computer.

  • For best results, save the file first, then open it in a Web browser.

  • Contact our Customer Care Center with any additional questions.


Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

© 2013 Consumerinfo.com, Inc.

The danger of this email lies within the attached file, Credit_Report_XXXXXXXXX.zip, which contains an .exe file with the same name and a misleading PDF icon. A Virus Total scan of the exe reveals that it is actually PWS:Win32/Fareit, and not a credit report as the email suggests (big surprise there).
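
A mail-gateway style check for the attachment described above, added here as an example and not part of the original post: it opens a ZIP in memory and flags members that begin with the Windows "MZ" executable header or carry a runnable extension, and notes when such a member is named like the archive itself. The sample archive, its member names and the extension set are constructed assumptions.

```python
import io
import os
import zipfile

# Extensions Windows will run directly; this set is an assumption for the example.
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def build_sample_attachment():
    """Constructed stand-in for the attachment: the stub only carries the 'MZ' magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Credit_Report_000000000.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.txt", b"constructed filler")
    return "Credit_Report_000000000.zip", buf.getvalue()


def triage_attachment(archive_name, data):
    """List archive members that look executable by content or by name."""
    archive_stem = os.path.splitext(os.path.basename(archive_name))[0].lower()
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            stem, ext = os.path.splitext(os.path.basename(info.filename))
            with zf.open(info) as member:
                magic = member.read(2)
            reasons = []
            # The content check catches an executable whatever its name or icon claims.
            if magic == b"MZ":
                reasons.append("pe-header")
            if ext.lower() in RUNNABLE_EXTS:
                reasons.append("runnable-extension")
            # The lure described above: an executable sharing the archive's name.
            if reasons and stem.lower() == archive_stem:
                reasons.append("named-like-archive")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


if __name__ == "__main__":
    name, data = build_sample_attachment()
    for finding in triage_attachment(name, data):
        print(finding)
```
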

Did You Receive This Email?


If this email lands in your inbox, be sure that you:

  • Do not download or open any attached files.

  • Report the email to SpamCop.

  • Delete the email immediately.


Did You Already Open the Attached File?


According to Virus Total, 29/46 antivirus programs are capable of detecting the threat associated with this spam campaign, so double-check the VT results and make sure your antivirus can catch it.  Then, do a full system scan and remove any detected threats.

[via DataProtectionCenter.com]


Friday, March 15, 2013

Facebook Pushes App Update to Android Users.... Outside of Google Play

Oh Facebook, WHAT are you doing?

There are reports that Android users that have the Facebook app installed on their devices are being nagged to download and install an update – OUTSIDE of Google Play.

While at first glance this may appear as if there were a bit of malicious activity going on – as authentic app updates are usually delivered via Google Play – it is actually a legitimate update that Facebook says they’re rolling out to a small number of users.

The reason why they decided to push it outside of the Google Play store is still left unclear, but hey, it’s not like it’s the first shady thing they’ve done with the Facebook App for Android.

This update cannot be applied unless the device is set to allow applications from “Unknown sources” (aka outside of Google Play) to be installed, and enabling this setting is not recommended for security reasons.

Facebook claims that only users with WiFi enabled will get the update notification; however, complaints within the Help Center conflict with that statement. Judging from the thread, I’d say Facebook users are wondering why the social networking giant thinks they’re above pushing updates via Google Play like everyone else.

What are your thoughts on this? Would you install this update on your Android device?


Buy of the Week: Lenovo ThinkCentre M92z 3318 All-in-One for $898!

The Lenovo ThinkCentre M92z All-in-One (AIO) desktop simplifies your workspace management along with performance, features and reliability. Change the way you manage desktops and enterprise applications using the Intel vPro ready technology.

Until March 22nd, 2013, you can order a Lenovo ThinkCentre M92z 3318 All-in-One from Hyphenet for only $898 + shipping!

Specifications for Lenovo ThinkCentre M92z 3318 All-in-One

MFR# 3318F9U
Product Type: Personal Computer
Form Factor: All-in-one
Display: 23" LED Display, 1920 x 1080 (Full HD)
Processor: Intel Core i3 (3rd Gen) 3220, 3.3 GHz (Dual-Core)
RAM: 4 GB DDR3 SDRAM - 1600 MHz
Hard Drive: 500 GB
Optical Drive: DVD-Writer
Graphics: Intel HD Graphics 2500
Audio Output: Integrated - stereo
Networking: Gigabit LAN
Input Device: Mouse, keyboard
Operating System: Windows 8 Pro (64-bit)

Call (619) 325-0990 to order a Lenovo ThinkCentre M92z 3318 All-in-One today!


Buy of the Week offer valid through March 22nd, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Thursday, March 14, 2013

AVG Mistakenly Flags Windows System File as Trojan

AVG antivirus software caused a bit of a ruckus for Windows XP users on Thursday morning after incorrectly flagging the Windows system file, wintrust.dll, as a Trojan, “Generic32.FJU.”

Users that followed the software’s instructions to remove the file and reboot the system would have their machines caught in a never-ending restart cycle.

At that point, users would have to use a Rescue CD to help boot the affected system and copy the wintrust.dll file (from another PC) back to the Windows System 32 folder in order to return things back to normal.

Thankfully AVG released a virus update to correct the problem shortly before 1pm, pushing out virus database 567 for AVG version 9.0 and 2012, and virus database #6174 for AVG 2013.

It is unclear how many users were affected by the false positive.

[via H Security]


Spam: Surprise! That 40% Apple Discount Coupon is Actually ZeuS Banking Malware

If you get an email offering a coupon to get 40% off Apple products – don’t open the file attached!

Spammers have been sending out emails with bogus coupons that can allegedly be used to shave 40% off the cost of a shiny new iMac, Macbook, or whatever other Apple product the recipient chooses to use it on.

Unfortunately, the only thing enclosed in the file attached to the email, Apple coupon.zip, is a copy of the ZeuS Trojan, which will cost the victim money - not help save it - since it steals banking information.

Here's the email to watch out for:

From: Apple Inc.
Subject: You are the one!

One out of thousand!

Only 1000 people have been chosenas winners and you turned out to be one of them!

We’d like to offer you a 40% discount coupon for any Apple production (it’s attached to this email). You can buy a MacBook, iPod, iPhone or anything else Apple products you want! All you need to do is print it out and present at the checkout.
So, next time you go to BestBuy, Circuit City or Apple Store you are able to save up to 40% of any purchase of Apple production.

The discount coupon is accepted in Circuit City, Apple Store ot BestBuy

All the rules and detailed information about the lottery are also can be found in the attachments to this email.

Congratulations!

Did You Get This Email?


If you get an email like the one above, it is recommended that you:

  • Do not download or open any files attached to it.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Barracuda]


BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are exploiting the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:
Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 
Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users that make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!


Given that this threat requires user-interaction, avoiding it should be relatively simple.

  • Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.

  • Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).

  • Always keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.


Too Late?


Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]


Tuesday, March 12, 2013

Hackers Post Financial Data of High-Profile Celebrities & Politicians

For whatever reason, hackers have taken it upon themselves to dump personal and financial information of a number of U.S. politicians, high-profile celebrities and a police chief online for all to see.

Victims “doxed” in this attack include Ashton Kutcher, Jay-Z, Beyonce, Kim Kardashian, Britney Spears, Paris Hilton, Mel Gibson, First Lady Michelle Obama, Vice President Joe Biden, Secretary of State Hillary Clinton, and U.S. Attorney General Eric Holder.

The sensitive data published online includes social security numbers, dates of birth, addresses, credit card and mortgage information, and various other pieces of information that the victims would’ve likely preferred to keep private.

As if disclosing all that information weren’t bad enough, the hackers made sure to enclose a rather unflattering picture of each victim alongside their personal details.

So far there's no telling who's behind the attack, but the website listing all of the confidential information – which we will not disclose for obvious reasons – sits on a .su top-level domain and contains an anti-police message written in Russian.

The Los Angeles Police Department is investigating matters, and the FBI has stated that they are aware of the website but has not clarified whether or not they will get involved.

[via BBC News]


Friday, March 8, 2013

Buy of the Week: Ergotron DeskStand DS100 for $244!

The DS100 Series is a line of products within Ergotron's flat panel monitor Adjustable Rotating Mounting Solutions (ARMS). Conserve desk space by suspending flat panel monitors on a single base. Choose between multiple configurations and adjustment ranges. Easily adjust the height and position of all monitors to a comfortable, ergonomically appropriate position.

Until March 15th, 2013, you can order an Ergotron DeskStand DS100 from Hyphenet for only $244 + shipping!

Specifications for Ergotron DeskStand DS100

MFR# 33-091-200
Product Type: Stand
Recommended Use: Dual flat panel
Recommended Display Size: Up to 24"
Flat Panel Mount Interface: 100 x 100 mm, 75 x 75 mm
Max Load Weight: 46 lbs
Material: Aluminum, steel
Color: Black
Warranty: 5 years warranty

Call (619) 325-0990 to order an Ergotron DeskStand DS100 today!


Buy of the Week offer valid through March 15th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

"CIA 'Deleted' Hugo Chavez" Spam Leads to Malware Attacks

Do not let curiosity get the best of you (and your PC) if an email drops in your inbox suggesting that the CIA and FBI played a role in the death of Venezuelan President, Hugo Chavez.

Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.

Below is an example email that Kaspersky researchers warn users not to fall for:
Subject: CIA “DELETED” Venezuela’s Hugo Chavez?

Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.

Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.

Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez

To no surprise, the exploit code on the malicious sites attempts to leverage a [patched] vulnerability within the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar to you, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)

The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.

Tips to Stay Safe


Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:

  • Always keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.

  • Do not click hyperlinks embedded in unsolicited emails.

  • Do not download or open files attached to unsolicited emails.

  • Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.

  • Remain vigilant when surfing the web – dangers lurk everywhere!



Tuesday, March 5, 2013

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:
Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service.Your account might be permanently suspended.

If you think this is a mistake,please verify your account on the link below.This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity,and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account


Users can minimize their chances of falling for this Facebook phishing scam, or any others, by following these few bits of advice:

  • Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.

  • Always double-check the URL in your address bar before entering any confidential information, including login credentials.

  • Beef up your Facebook account security by enabling login notifications and login approvals.


Did You Fall for This Scam?


If you have already fallen for this scam:

[via Hoax-Slayer]


Oracle Fixes Java 0-Days …Again (Last Java 6 Patch)

Oracle has released an emergency patch to address two critical vulnerabilities in Java 6 and Java 7, CVE-2013-0809 and CVE-2013-1493.

It was just last week that FireEye researchers advised users to disable Java browser plugins following the discovery that cybercriminals were exploiting CVE-2013-1493 to spread McRAT malware.

Oracle had intended to include a fix for the bug in the critical patch update scheduled for April 16th, but decided to release it ahead of time given the ongoing attacks. The company has been aware of the bug since February 1st, 2013.

Oracle recommends that users upgrade to the latest versions of Java, which are now Java 7 Update 17 or Java 6 Update 43 (no word on why Java 7 U16 or Java 6 U42 were skipped).

By the way, Oracle has stated that this will be the last security update for Java 6, so it's time to update to Java 7 if you wish to continue receiving public updates & security enhancements.

Users can upgrade Java by:

  • Using the built-in auto update feature or manually checking for updates through the Java Control panel.

  • Downloading the latest version from java.com.
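For anyone looking after more than one machine, the upgrade targets above can be turned into an inventory check. This is an added example, not code from the original post or from Oracle: it parses the 1.x.0_uu banner printed by "java -version" and compares it with the fixed releases named in this post; the host names and banners are constructed sample data.

```python
import re

# Fixed releases named in the post: Java 7 Update 17 and Java 6 Update 43.
FIXED_UPDATE = {6: 43, 7: 17}

# First line of `java -version` for Java 6/7, e.g.  java version "1.7.0_15"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')

# Constructed inventory: host name -> captured `java -version` output.
SAMPLE_BANNERS = {
    "ws-01": 'java version "1.7.0_15"',
    "ws-02": 'java version "1.7.0_17"',
    "ws-03": 'java version "1.6.0_41"',
    "ws-04": 'java version "1.6.0_43"',
    "ws-05": "'java' is not recognized as an internal or external command",
}


def parse_java_version(banner):
    """Return (major, update) from a Java 6/7 banner, or None if unparsable."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    # A banner such as "1.7.0" with no "_uu" suffix is the initial release (update 0).
    return int(m.group(1)), int(m.group(2) or 0)


def assess(banner):
    """Classify one banner against the fixed releases listed in the post."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"          # no Java, or a format this check does not cover
    major, update = parsed
    if major not in FIXED_UPDATE:
        return "not-covered"      # Java family not discussed in the post
    if update < FIXED_UPDATE[major]:
        return "needs-update"
    # Java 6 Update 43 is the last public Java 6 patch, so flag it for migration.
    return "patched-eol" if major == 6 else "patched"


def hosts_needing_action(banners):
    """Return {host: status} for every host that is not on a patched Java 7."""
    statuses = {host: assess(text) for host, text in banners.items()}
    return {h: s for h, s in statuses.items() if s != "patched"}


if __name__ == "__main__":
    for host, status in sorted(hosts_needing_action(SAMPLE_BANNERS).items()):
        print(host, status)
```

Hosts reported as "unknown" still need a manual look, since a missing or unreadable banner does not prove that no Java plugin is installed.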



Monday, March 4, 2013

Evernote Hacked, Resets 50 Million Account Passwords

Evernote users were instructed to create a new password following the discovery of a security breach on Saturday.

Evernote says that they were able to detect and block what appears to have been a “coordinated attempt to access secure areas of the Evernote Service.”

There is no indication that content stored in Evernote, or payment information for Premium or Business accounts, was accessed; however, the company says that the hackers were able to access the usernames, encrypted passwords & email addresses of Evernote users, prompting the reset of all account passwords as a security measure.

Users can create a new password by signing into their account on evernote.com. Passwords will need to be updated in Evernote apps after they have been changed on evernote.com.

Evernote has offered the following advice to users to help keep their accounts safe:

  • Avoid using simple passwords based on dictionary words

  • Never use the same password on multiple sites or services

  • Never click on ‘reset password’ requests in emails — instead go directly to the service



Friday, March 1, 2013

Disable Java Browser Plugin, New 0-Day Vulnerability Under Attack

It’s starting to feel as if another day means another Java exploit will be found.

FireEye researchers are sounding the alarm after detecting a new Java zero-day vulnerability (CVE-2013-1493) that cybercriminals are actively exploiting in-the-wild.

The security flaw, which FireEye says was used to “attack multiple customers,” can be successfully exploited in browsers with Java 6 Update 41 and Java 7 Update 15 plugins installed.

FireEye researchers offered insight as to how the exploit works:
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process.

After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable (disguised as a file called svchost.jpg) from same server hosting the JAR file and then execute it.

One relatively good thing to note is that FireEye researchers did say that the exploit is not very reliable given the fact that it tries to overwrite a big chunk of memory, and although the payload is downloaded, it fails to execute and the JVM crashes.

In the event that the attack goes smoothly, McRAT malware (detected by Microsoft as Backdoor:Win32/Mdmbot.F) will be planted on the compromised system.
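A payload delivered as svchost.jpg is a Windows executable behind an image extension, which a defender can spot by comparing a file's leading bytes with what its extension promises. The sketch below is an added example, not FireEye's or this blog's code; the classify() and is_pe() helpers, the status labels and the sample byte strings are constructed for illustration.

```python
import struct

# Leading bytes expected for common image extensions.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Constructed samples: a minimal DOS/PE header stub and the start of a JPEG.
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the check.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(filename, data):
    """Compare a downloaded file's extension with what its first bytes say."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if is_pe(data):
        # Executable content: alert only when the name claims to be an image.
        return "pe-disguised" if ext in IMAGE_MAGIC else "pe"
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "not-image-extension"
    return "image-ok" if data.startswith(magics) else "mismatch"


if __name__ == "__main__":
    for name, blob in [("svchost.jpg", PE_STUB), ("photo.jpg", JPEG_HEAD)]:
        print(name, classify(name, blob))
```

Run against files carved from proxy or web-gateway downloads, a "pe-disguised" result is the case described above, and "mismatch" marks image-named files that are neither images nor well-formed executables.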

Keeping Your System Safe


FireEye notified Oracle of this new vulnerability, but advises customers to take one of the following courses of action until a patch is released:

  • Disable the Java plugin in your web browsers, or;

  • Set Java security settings to “High” and do not execute any untrusted Java applets.


Aside from that, it is also recommended that users always run antivirus software on their computers and keep the virus definitions current given that 27/46 antivirus programs are capable of detecting the threat associated with this attack.


Buy of the Week: Belkin Office Series Surge Suppressor for $16!

This Belkin Home/Office series Surge Protector provides premium power protection for both home and professional workstations, and all connected devices.

Until March 8th, 2013, you can order a Belkin Office Series Surge Suppressor from Hyphenet for only $16 + shipping!

Specifications for Belkin Office Series Surge Suppressor

MFR# BE108230-06
Product Description: Belkin Office Series Surge Suppressor
Input Connectors: 1
Dataline Surge Protection: Cable TV, Phone line
Surge Suppression: Standard
Surge Energy Rating: 3550 Joules
EMI/RFI Noise Filtration: 43 dB
Cables Included: 1 x power cable - integrated - 2.5 ft
Warranty: Belkin Limited Lifetime Warranty

Call (619) 325-0990 to order a Belkin Office Series Surge Suppressor today!


Buy of the Week offer valid through March 8th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.