Tuesday, January 29, 2013

Buy of the Week: 14" Dell Latitude E6430u for $1,046!

This offer has been extended & included in our February Tech Deals.

Designed to be durable for the professional who works from home as much as the office, the Latitude E6430 offers a 14" screen and a docking ecosystem.

Until February 1st, 2013, you can order a 14" Dell Latitude E6430u from Hyphenet for only $1,046, plus shipping!

Specifications for 14" Dell Latitude E6430u

MFR# 469-3883
Display: 14" LED backlight, 1366 x 768 / HD
Processor: Intel Core i3 (3rd Gen) 3217U / 1.8 GHz
Storage: 128 GB SSD
RAM: 4 GB DDR3
Graphics: Intel HD Graphics 4000
Networking: 802.11n, Bluetooth 4.0, Gigabit Ethernet
Camera: Integrated webcam
Dimensions (WxDxH): 13.3 in x 9 in x 0.8 in
Weight: 3.7 lbs
Operating System: Windows 7 Pro (64-bit)
Warranty: 3-Year Dell Warranty

Call (619) 325-0990 to order a 14" Dell Latitude E6430u today!


Buy of the Week offer valid through February 1st, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Friday, January 25, 2013

DocuSign Phishing Emails Loaded with Data Stealing Trojan

Professionals that use DocuSign should beware of an active phishing campaign looking to infect their computer with a data-stealing Trojan, warns antivirus firm Bitdefender.

The phishing email has been carefully crafted to appear as if it were a legitimate notice sent by DocuSign Electronic Signature Service on behalf of the administration department of the recipient’s company.

DocuSign Phishing Email
Screenshot Credit: Bitdefender



From: DocuSign Service (dse@docusign.net)
Subject: To all Employees – Confidential Message

DocuSign
Your document has been completed

Sent on behalf of administrator@bitdefender.com.

All parties have completed the envelope ‘Please DocuSign this document: To All Employees 2013.pdf’.

To view or print the document download the attachment .

(self-extracting archive, Adobe PDF)

This document contains information confidential and proprietary to bitdefender.com

LEARN MORE: New Features | Tips & Tricks | View Tutorials

DocuSign. The fastest way to get a signature.

If you have questions regarding this notification or any enclosed documents requiring your signature, please contact the sender directly. For technical assistance with the signing process, you can email support.

Attached to the email is a zip file named “To ALL Employees.zip,” and it shouldn't be a surprise to anyone that inside the archive is a payload identified as Trojan.Generic.KD.834485.

Once it has infected a machine, Trojan.Generic.KD.834485 gets to work: it steals login credentials stored in email clients & web browsers, attempts to log into other network machines by guessing weak passwords over remote desktop protocol (RDP), possibly downloads and installs additional malware (such as the infamous ZeuS/Zbot), and collects account information related to server names, port numbers, login IDs, FTP clients, and cloud storage programs.

DocuSign is aware of this email threat and has taken the courtesy of posting a warning on their website advising users that legitimate emails do not contain zip or executable files as attachments and to mouseover links to check for the docusign.com or docusign.net domains before following them.

Think You Received a DocuSign Phishing Email?



  • Do not download or open any attached files.

  • Hover your mouse over links to check for the legitimate docusign.com or docusign.net domains. (Note: This may not matter if a file is attached since real emails from DocuSign do not contain attachments.)

  • Report the email by forwarding it to spam@docusign.com.

  • Delete the email immediately.
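
The two checks from DocuSign's warning (no zip or executable attachments, links only to docusign.com or docusign.net) applied to a raw message, as an added example that is not DocuSign's or Bitdefender's tooling. The sample message is constructed, and the host `docusign.net.example.invalid`, the extension list and all function names are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two domains named in DocuSign's warning.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")
# Assumption: an illustrative list of archive/executable extensions.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".com", ".pif", ".bat", ".jar")


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible link text is ignored
    on purpose, because only the href decides where a click goes."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())


def host_is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one.
    A trusted name used as a prefix (docusign.net.example.invalid) fails."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_message(raw_bytes):
    """Return (kind, value) findings for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(("attachment", filename))
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                is_web_link = href.lower().startswith(("http://", "https://"))
                if is_web_link and not host_is_trusted(href):
                    findings.append(("link", href))
    return findings


def build_sample_message():
    """Constructed sample modelled on the email quoted above. The From header
    shows a docusign.net address, which is why the sender line is not checked."""
    msg = EmailMessage()
    msg["From"] = "DocuSign Service <dse@docusign.net>"
    msg["Subject"] = "To all Employees - Confidential Message"
    msg.set_content("Your document has been completed")
    msg.add_alternative(
        '<p>Your document has been completed. '
        '<a href="https://www.docusign.net/help">View Tutorials</a> '
        '<a href="http://docusign.net.example.invalid/view">View document</a></p>',
        subtype="html",
    )
    # Constructed placeholder bytes (an empty zip), not a real payload.
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename="To ALL Employees.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for kind, value in review_message(build_sample_message()):
        print(kind, value)
```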


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

McAfee Labs: Majority of Botnet C&C Servers Located in U.S.

If someone were to ask you where you think the majority of the active botnet command & control (C&C) servers were located, what would you say?

Russia? China, perhaps?

Although these two countries are the first to come to mind when most think of cybermischief, and 70% of exploit kits reportedly come from Russia, neither is where the majority of botnet C&Cs are stationed.

McAfee Labs has a history of monitoring botnet activities and on Wednesday provided a list of the top 10 countries hosting active command & control servers.

Surprisingly, the U.S. comes in at number one, followed by the British Virgin Islands and Netherlands. Russia comes in 4th place, while China barely makes the cut at #9.

  1. United States (631)

  2. British Virgin Islands (237)

  3. Netherlands (154)

  4. Russia (125)

  5. Germany (95)

  6. Korea (81)

  7. Switzerland (77)

  8. Australia (63)

  9. China (48)

  10. Canada (38)


McAfee Labs Botnet Heatmap
Screenshot Credit: McAfee Labs


What do you think?

[via McAfee Labs]


Thursday, January 24, 2013

Malware Abuses Skype Chat to Spread Once More

Skype users should exercise caution when clicking links shared via chat as there has been an influx of malware using Skype to propagate.

Shylock Trojan


CSIS first warned of a new variant of the Shylock Trojan using Skype to spread thanks to its creators updating it with a plugin named “msg.gsm.”

Shylock typically spreads via drive-by-downloads, phishing emails, and removable drives attached to infected systems, but the new addition provided another infection method as it gave the Trojan the ability to abuse Skype’s chat feature to send messages containing links to malicious websites serving the malware.

Other functionality granted by msg.gsm includes sending IMs and transferring files, clearing chat and file transfer history, bypassing Skype’s connection warning/restrictions, and sending requests to a remote server.

That’s only a fragment of what Shylock is capable of, though. Shylock can allow an attacker to perform a number of activities on an infected system, such as injecting malicious code into web pages, stealing cookies, downloading and executing files, and more.

Thankfully, Microsoft has stated that they have managed to completely block Shylock (Microsoft detects it as Backdoor:Win32/Capchaw.N) on Skype, but the company still encourages users to avoid opening links from untrusted sources or visiting untrusted websites.

For those of you who may be concerned that you got hit with the threat prior to it being blocked, Microsoft suggests you watch out for the following symptoms:

  • The presence of messages or files in your Skype conversation history that you do not recall writing or transferring

  • Your Skype conversation history is empty

  • You do not receive alerts or warnings from Skype, where previously you did so


Shylock is known for its advanced detection evasion techniques, so do what you can to prevent an infection (tips below).

Phorpiex Worm


Even if you do manage to avoid Shylock, you still have to worry about WORM_PHORPIEX.JZ, which TrendMicro says is also abusing Skype chat to spread.

Upon infection, Phorpiex will modify the system registry to bypass any firewalls and start whenever Windows does; open a backdoor by connecting to a specific IRC chat server and joining the channel #go; send emails with malicious attachments containing a copy of itself; spread to accessible removable drives; and download additional malware, including a plugin appropriately named WORM_PESKY.A (“Pesky”) that will send out Skype messages reading:
LOL http://www.[REMOVED]x.uk.com/images/php?id=IMG0540250.JPG

Those of you who have read our guide on how to spot a dangerous image link will be able to tell that this link is not what it seems.

Pesky doesn't do much else beyond spam people with malicious chat messages; Phorpiex is the main threat here.
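
Why the Pesky link is not an image, shown as an added example that is not part of the original post: the `.JPG` name sits in the query string, while the resource the server actually runs is `/images/php`. The host `www.example.invalid` stands in for the redacted one, the chat lines are constructed, and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
URL_PATTERN = re.compile(r"https?://\S+", re.IGNORECASE)


def _is_image_name(name):
    """True if the name ends in a common image extension."""
    return posixpath.splitext(name)[1].lower() in IMAGE_EXTENSIONS


def classify_link(url):
    """Classify a URL by where an image file name appears in it.

    "image-path": the path itself names an image (the server's response
                  type still decides what is really delivered).
    "decoy":      an image name appears only as a label, either in the query
                  string or fragment, or in front of another extension.
    "other":      no image name anywhere.
    """
    parts = urlsplit(url)
    resource = posixpath.basename(parts.path)
    if _is_image_name(resource):
        return "image-path"
    # Double extension such as beach.jpg.exe: the last extension wins.
    stem = posixpath.splitext(resource)[0]
    if _is_image_name(stem):
        return "decoy"
    # Anything after '?' or '#' is data handed to the resource, not the resource.
    labels = [parts.fragment]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        labels.extend((key, value))
    if any(_is_image_name(label) for label in labels):
        return "decoy"
    return "other"


def flag_decoys(chat_lines):
    """Return every URL in the chat lines that only pretends to be an image."""
    flagged = []
    for line in chat_lines:
        for url in URL_PATTERN.findall(line):
            if classify_link(url) == "decoy":
                flagged.append(url)
    return flagged


# Constructed chat lines; the first mirrors the message format quoted above.
SAMPLE_CHAT = [
    "LOL http://www.example.invalid/images/php?id=IMG0540250.JPG",
    "holiday pics: http://photos.example.invalid/2013/beach.jpg",
    "look at this http://files.example.invalid/beach.jpg.exe",
    "our site: http://www.example.invalid/about",
]

if __name__ == "__main__":
    for url in flag_decoys(SAMPLE_CHAT):
        print("decoy image link:", url)
```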

Protecting Your PC


So, now that you know what you’re up against, what can you do to protect your computer?

  • Avoid clicking on suspicious links, regardless of where they come from. Both threats abuse Skype to send IMs, so the malicious link can come from one of your contacts if their machine has been infected.

  • Do not download or open files that come from unknown or untrusted sources.

  • Keep your operating system and installed third-party software fully patched and up-to-date to minimize the chances of a successful drive-by-download attack.

  • Always run antivirus software and keep the virus definitions current.

  • Use a Windows user account with limited privileges (i.e. no permission to install software).


What to Do if Your System is Infected


Already have the misfortune of encountering one of these threats?

For Shylock, Microsoft’s Threat Center states you can use Microsoft Security Essentials (or Windows Defender for Windows 8) to detect and remove it.

For Phorpiex, users can use antivirus solutions by TrendMicro, Microsoft, ESET or Ikarus to detect and remove it.


Wednesday, January 23, 2013

Critical Vulnerability Patched in Foxit Reader 5.4.5 - Update Now

If Foxit Reader is your preferred choice to open, view and print PDF files, make sure you’re running the latest version, 5.4.5.

Foxit Software released 5.4.5 following the discovery of a serious vulnerability in the Foxit Reader browser plugin that could allow an attacker to execute arbitrary code on a user’s computer.

A security bulletin posted on Foxit Software’s website explains, “The vulnerability is caused by a boundary error in the Foxit Reader plugin for web browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via an overly long file name in the URL.”

The vulnerability, which was originally found by independent security researcher Andrea Micalizzi, affects Foxit Reader 5.4.4 and earlier.

Users can update to Foxit Reader 5.4.5 by selecting the ‘Check for Updates’ option under the application's Help menu, or by manually downloading and installing the latest update from the Foxit Software website.

Foxit Reader is known to be a safer alternative to Adobe's PDF Reader, which is commonly exploited by attackers. The flaw in Foxit Reader was publicly known for a little more than a week before Foxit Software issued the patch.

Do you use Foxit Reader?


Monday, January 21, 2013

Buy of the Week: Basic Google Analytics Installation for $12.99!

Do you know how much traffic your website gets?

Google Analytics (GA) is a service offered by Google that generates detailed statistics about the visits to a website. It is the most widely used website statistics service, and is available free of charge.

If you do not already have Google Analytics installed on your existing website, Hyphenet can help you  start tracking website activity by installing the Google Analytics tracking code for just $12.99*!

Benefits of Using Google Analytics


With Google Analytics, you can:

  • Evaluate website traffic flow & see where visitors are coming from

  • Measure the effectiveness of marketing campaigns

  • Identify what links visitors click the most & improve the quality of your web pages


Google Analytics is free to use, although there is a premium version available for a fee.

Call us at (619) 325-0990 to get help installing Google Analytics on your website for $12.99*, and don't forget to ask about our other web services that can help build your company's presence on the web.

* Google Analytics installation for small websites (< 20 pages).

Upgrade to Windows 8 Before Jan 31st, 2013 - Or Else! (You'll Have to Pay WAY More)

Still on the fence about whether or not you should upgrade your PC to Windows 8?

You may want to make a decision before January 31st, 2013.

Microsoft announced on Friday that the current promotions allowing folks to upgrade their XP, Vista or Windows 7 machines to Windows 8 Pro for $39.99, or upgrade eligible Windows 7 machines purchased after June 2nd, 2012 for just $14.99, will expire on January 31st, 2013.

Unfortunately that means if you try to upgrade after February 1st, you will be paying a whole lot more to upgrade to Windows 8 as the following upgrade prices take effect:

Package | Promo Price | Price after Jan 31st
Windows 8 Pro upgrade | $39.99 (or $14.99) | $199.99 (U.S.)
Windows 8 upgrade | N/A | $119.99 (U.S.)
Windows 8 Pro Pack | $69.99 | $99.99 (U.S.)
Windows 8 Media Center | Free | $9.99 (U.S.)


So, that means you’ll be paying $199.99 to upgrade from XP, Vista, or 7 to Windows 8 Pro, or $119.99 to just upgrade to Windows 8 – not the Pro edition.  Upgrading from Windows 8 to Windows 8 Pro will now cost $99.99 after the promotional period expires.

If you were tossing the idea of upgrading to Windows 8, you may want to do it sooner rather than later. The promotion ends in less than two weeks!

How do you feel about the price jump? Are you interested in Windows 8? Share your thoughts in the comment section below!


Friday, January 18, 2013

Nasty Trojan Posing as Bogus Java "Update 11" Patch

On the hunt for the latest Java update?

Make sure you download it from a reliable source, like, say, java.com, and not some random third-party website.

TrendMicro found at least one website peddling malware disguised as a fake “Java Update 11” update.

The threat in question is a nasty Trojan detected as JAVA_DLOADER.NTW that’s delivered as a file named javaupdate11.jar.

The bogus update file, Javaupdate11.jar, contains javaupdate11.class, which downloads and executes two malicious files:

Once executed, BKDR_ANDROM.NTW will open a backdoor on the infected system to grant remote access to an attacker.

Users are more likely to notice TSPY_KEYLOG.NTW, though, as it will download ransomware (TROJ_RANSOM.ACV) that will attempt to lock the affected machine and demand payment from the end-user to regain access.

Steer Clear of Fake Java Updates!


It’s important to note that this malware does not exploit any Java-related vulnerabilities: it requires user-interaction to make its way onto a PC. So, you should be safe as long as you:

  • Download Java updates directly from Oracle on java.com, or simply use Java’s built-in update mechanism to download and install updates.

  • Do not download Java updates from random websites.



Dangers Still Lurk in Java; Vulnerabilities Found in Java 7 Update 11

Java has been under a lot of fire recently, both from the cybercriminals that exploit it and from various entities that advise users to disable/uninstall it on their computers.

The trouble began on January 10th when word hit that the bad guys behind the BlackHole and Nuclear Packs updated their crimeware with new exploits for a zero-day Java vulnerability affecting all versions of Java 7, including Java 7 Update 10.

Users were told to disable the Java browser plugin – or to remove Java altogether – in order to minimize the chances of an attack.

Three days later, Oracle released Java 7 Update 11 to address the vulnerability and beef up security by switching the default Security Level setting from Medium to High to prevent silent drive-by-download attacks:
This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.

All is well, right? Well, not so much, since reports of Java 7 Update 11 vulnerabilities have already begun to surface.

Adam Gowdiak of Security Explorations wrote a short post on the Full Disclosure mailing list stating they have “successfully confirmed that a complete Java security bypass can be still gained under the recent version of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).” Gowdiak went on to say that two new security vulnerabilities were discovered and reported to Oracle along with a working proof-of-concept.

Fortunately, Gowdiak told TheNextWeb that there’s no evidence of these new vulnerabilities being exploited in-the-wild (YET), and that the new security settings in Java 7 Update 11 will prevent some attacks, provided the user doesn’t accept the malicious content.

So think twice before allowing unsigned Java applets to run on your system. Or just remove Java from your system.


Tuesday, January 15, 2013

Buy of the Week: Kensington USB Port Lock with Blockers for $12 (OUT OF STOCK)

This item is currently out of stock.

Reduce the risk of data leakage, data theft and unauthorized uploads with a software-free solution that physically blocks USB ports from unauthorized access. The Kensington USB Port Lock with Blockers has the ability to block multiple adjacent ports with one lock and allow continued secure use of authorized USB devices.

Until January 18th, 2013, you can order Kensington USB Port Lock with Blockers from Hyphenet for only $12, plus shipping!

Specifications for Kensington USB Port Lock with Blockers

MFR# K67718US
Product Type: USB port blocker
Localization: United States
Connector Provided: 4 pin USB Type A x 1
Benefits:

  • USB lock prevents unauthorized data transfer through USB ports, reducing the risk of data leakage, data theft, computer viruses and malware by physically locking and blocking the USB Ports

  • Just plug into the USB port and push the button to lock. No technical experience necessary

  • One USB Port Block blocks a port adjacent to a USB Port Lock

  • A USB Port Block used with a single USB Port Lock prevents access to adjacent ports with either vertical or horizontal orientation

  • If you already have encryption software in place, the added layer of physical security is additional insurance against data theft

  • Physically protects valuable data without the complication, installation, maintenance, and upgrade costs of software

  • Stop thieves before they start with a visible sign that you're being protected


Manufacturer Warranty: Limited lifetime warranty

Call (619) 325-0990 to order a Kensington USB Port Lock with Blockers today!


Buy of the Week offer valid through January 18th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Monday, January 14, 2013

Apple Locking App Screenshots to Stop Bait & Switch Scams

Any scammers that were hoping to pull the ol’ bait & switch routine in the Apple App Store by switching the screenshots for their apps after they have been approved may have a rough time doing so thanks to Apple’s new policy change.

Last Wednesday, Apple announced to Apple Developers that “app screenshots will be locked in iTunes Connect once your app has been approved.”  The only way developers can upload new screenshots is to submit a binary for an update for an existing app, or a brand new app.

The idea behind this change is to stop the widely-used scam tactic where ill-willed developers upload legitimate screenshots to get their app approved and then swap them out with different screenshots (sometimes from another popular app) to trick users into downloading the app.

Hopefully this will prevent users from paying for apps that aren’t quite what they seem.

[via Security Watch]


(Updated) A Patch Coming for IE Zero-Day Later Today


Update: Microsoft has released the patch, as promised. Users can update via Windows Update or download & apply the patch manually.

Microsoft is planning on releasing an out-of-band update later today to address the zero-day vulnerability in Internet Explorer 6, 7 & 8 (CVE-2012-4792) which could allow attackers to execute malicious code.

This is excellent news considering cybercriminals have been exploiting the bug since December, and researchers wound up bypassing the temporary FixIt solution that Microsoft issued to help users defend themselves against attacks.

When it is released, users can download and apply the patch via Windows Update and other standard distribution channels. If you happened to install the temporary FixIt solution, Microsoft stated that it is not necessary to uninstall it before applying the permanent patch.

Microsoft will be holding a special, live webcast to answer any questions related to this update today, Monday, January 14th at 1 p.m. PST. You can register for the webcast here.

[via Microsoft]


Tuesday, January 8, 2013

Spam Alert: More FedEx Phishing Emails Hitting Inboxes

Brace yourselves, folks - more FedEx spam is coming your way!

Our last copy of FedEx spam arrived back in early December, and it doesn’t look like much has changed since. The sender’s address is still some random email (not a fake fedex.com address), the subject line is still a random tracking number, and the goal is still to infect your computer with Win32/TrojanDownloader.Zortob.B.

Here’s the email (the previous version can be seen here):

FedEx Spam (1/7/12)
From: Shipping Service (clients-262@corpuschristi.com)
Subject: Tracking ID (387)91-387-387-9611-9611

FedEx

Order: JN-1454-28625287
Order Date: Thursday, 3 January 2013, 11:23 AM

Dear Customer,

Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.
To receive your parcel, please, go to the nearest office and show this receipt.

GET & PRINT RECEIPT

Best Regards, The FedEx Team.

For those of you who are curious (or possibly new to this FedEx spam thing), when you click the ‘Get & Print Receipt’ link, you will be taken to a third-party site that will download the file Postal-Receipt.zip onto your PC. Hopefully you will not make the mistake of opening this file as it contains the aforementioned Zortob.B Trojan.

What to Do With FedEx Spam


If you receive an email like the one above, it is strongly recommended that you:

  • Do not click on any links or open any attached files.

  • Report the email to FedEx by forwarding it to abuse@fedex.com.

  • Delete the email immediately.



Yahoo! Fixes XSS Exploit Used to Hijack Yahoo! Mail Accounts

An unknown number of Yahoo Mail users found their accounts compromised yesterday, thanks to a document object model-based cross-site scripting vulnerability that was discovered by a security researcher by the name of Shahin Ramezany.

On January 6th, Ramezany posted a video on YouTube demonstrating the XSS vulnerability, which only takes minutes to execute and affects all current browsers. According to the video, a Yahoo! Mail user can fall victim to the exploit by simply clicking on a malicious link sent to them via email, putting an estimated 400 million accounts at risk of being taken over.

Users that were affected by the exploit took to Twitter to complain and warn anyone that received an email from them not to click any embedded links.

Thankfully Yahoo! stepped in to close the security hole yesterday evening, issuing the following statement to The Next Web in the process:
“At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

Lesson to be learned here? Exercise caution when following links, even when they are sent by a friend - you never know what hides behind it!

Update: Researchers say Yahoo! Mail exploit still active, despite claim of being fixed


Friday, January 4, 2013

Buy of the Week: OKI B411d Laser B/W Printer for $117

This deal expired on 1/11/13.


If you're looking to improve the productivity and lower the operating costs of your business, the B411 series offers all of that and more.

For starters, select series models deliver up to 35 ppm, with the first page printing in less than 5 seconds. They produce output in black and white that's clear and crisp, at up to 2400 x 600 dpi resolution, using a two-piece consumables system for long-lasting performance and a low cost of operation.

Until January 11th, 2013, you can order an OKI B411d Laser B/W Printer from Hyphenet for only $117, plus shipping!

Specifications for OKI B411d Laser B/W Printer

MFR# 91659801
Printer Type: Workgroup Printer - LED - Monochrome
Print Speed: Up to 35 ppm (max speed)
Max Resolution (B&W): 2400 dpi x 600 dpi
Duplex Printout: Duplex
Interface: Parallel, USB
Processor: 330 MHz
RAM Installed ( Max ): 64 MB ( 320 MB )
Language Simulation: PCL 5E, EPSON FX, PCL 6, IBM ProPrinter III XL
Media Type: Envelopes, plain paper, bond paper, water resistant paper, proofing paper
Media Handling: 250-sheet input tray, 1-sheet multipurpose tray
Monthly Duty Cycle: 80,000 pages
Warranty: 1-Year OKIDATA Warranty

Call (619) 325-0990 to order an OKI B411d Laser B/W Printer today!


Buy of the Week offer valid through January 11th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.


Don't Accept Bikini Screensavers Offered via Spam


Sophos is warning users not to fall for the latest trap spammers are planting inside email inboxes: unsolicited messages claiming to have bikini photos inside an attached zip file.

Here’s one of the emails picked up by SophosLabs:
Subject: Merry Christmas
Hello my dear!!!

How are you? As I promised, here’s my bikini photos. I hope you will be love it!
This is my humble gift for Christmas! See you later :)
Your love Ciara
28.12.2012

If the poor grammar wasn't an indicator of a potential scam, then the attached file, Bikini.zip, should raise some red flags as it contains a Windows screensaver file named “Bikini.scr” instead of a bunch of regular image files.

That's likely because .SCR files are executable (capable of installing code) and can unleash mayhem on your poor machine. So don't open them unless they're coming from a trusted source.

Sophos detects this threat as Troj/Agent-ZMO, but you should be able to avoid it as long as you don't open files attached to spam.
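
Checking what an attached archive really contains without extracting it, as an added example that is not Sophos's detection logic. The archive is built in memory from constructed placeholder bytes, and the extension list and function names are assumptions.

```python
import io
import zipfile

# Assumption: an illustrative list of extensions Windows will run as code.
EXECUTABLE_EXTENSIONS = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".vbs", ".jar")


def inspect_archive(data):
    """Return (member_name, reason) for every member that is or hides a program.

    Members are only listed and their first two bytes read; nothing is
    extracted to disk or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.lower().endswith(EXECUTABLE_EXTENSIONS):
                findings.append((name, "executable extension"))
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be read without the password.
                findings.append((name, "encrypted member, cannot inspect"))
                continue
            # A .scr screensaver is an ordinary Windows program, so it starts
            # with the same "MZ" signature as an .exe, whatever it is named.
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    findings.append((name, "program header behind a harmless name"))
    return findings


def build_sample_archive():
    """Constructed archive: placeholder bytes only, no real executable code."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("Bikini.scr", b"MZ" + b"\x00" * 62)
        archive.writestr("beach.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        archive.writestr("holiday.jpg", b"MZ" + b"\x00" * 62)
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_archive(build_sample_archive()):
        print(f"{name}: {reason}")
```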


Wednesday, January 2, 2013

Microsoft Issues FixIt for IE 0-day Being Exploited In-the-Wild

Users that fire up older versions of Internet Explorer to surf the web may want to apply the FixIt solution that Microsoft released to help defend against attacks using a zero-day vulnerability that surfaced last week.

Microsoft stated that the remote code execution vulnerability, CVE-2012-4792, exists due to the way IE accesses an object in memory that was not properly allocated or deleted. Only Internet Explorer versions 6, 7 and 8 are said to be affected by this flaw.

The vulnerability is actively being exploited in-the-wild to conduct drive-by-download attacks.

Security firm FireEye was the first to spot the flaw after receiving reports on December 27th, 2012 that the Council on Foreign Relations (CFR) website had been compromised & was serving malware.  FireEye later confirmed that the CFR website was hosting malicious content as early as Friday, December 21st; however, SophosLabs pushed the date back even further, suggesting that attacks began back on December 7th.

As if that wasn’t bad enough, Sophos warns that the vulnerability is being exploited on at least five other websites, hinting that the attacks may not be as limited as initial reports suggest.

Tips to Keep Your PC Safe


Until Microsoft releases an official patch to correct this security flaw, users are advised to:

  • Apply the easy one-click “Fix It” solution that Microsoft released; just keep in mind that this is a temporary fix until Microsoft can issue an official patch.

  • If possible, upgrade to Internet Explorer 9 (requires Vista or higher) or Internet Explorer 10 (requires Windows 8).

  • Switch to a different browser if you are unable to upgrade IE or apply the FixIt.

  • Always run antivirus software that offers real-time scanning. (Sophos & Symantec are two AV vendors that have updated their software to block attacks using this vulnerability.)

  • Use a Windows account with limited access. Microsoft’s security advisory states that attackers may inherit the same user rights as the victim, so limited privileges may limit the amount of damage done.

  • Keep your operating system & installed software current, and definitely apply the official patch when released.

  • Exercise caution when following links or suspicious URLs.

