How to keep your email safe…

Spam isn’t only annoying but it is also dangerous to users.  Attackers often send vast broadcasts with misleading IP addresses and email addresses.  Over 27 million Americans have been a victim of identity theft in the past five years.  More than 9 million people found their identities were stolen last year alone.
If a spammer gets a hold of both a company’s email and IP adress, the impact can be disastrous.  The company’s Internet connection would be terminated by it’s Internet Service Provider (ISP) if its an email that is added on the black list of spamming addresses.  It is very important to guard all gateways of a network.  Having a firewall and anti-virus software sometimes isn’t enough to keep you safe.  An intrusion detection system(IDS) is good to have, this system makes sure nobody is able to access your network without permission.
We have gotten a little wiser when it comes to email spams and scams.  Cybercriminals are also doing their homework and becoming more clever with these scams.  An email scam might start out with a bill that’s owed or even a wedding invitation from a friend.

Here are a few tips for keeping your email safe:

• Look at the IP address

Check the link from the sender by hovering over the email address, make sure the link looks legit and makes sense.

• Be careful with shortened URLs

Twitter uses URL shorteners but be cautious if you receive one in your email. Ask yourself why would anyone not want to show the company they are sending an email from.

• Telephone numbers aren’t guaranteed

Even if the email looks professional and has a telephone number, it can be a cyber-criminal trick. The phone number may lead you to a scammer requesting for personal information.

• Don’t give out your email address

Giving out your email address is a bad idea. Electric companies in the U.S. were targeted with a “spear phishing” attack, which used information on company websites. Also be aware of the uncertainty of putting your email address public to social networks or Craigslist.

• Don’t auto load images

Don’t configure your email settings to where images are automatically downloaded. This will send a signal to spammers and the images sent to you are stored onto their servers with your email connected to them.

• Don’t spam yourself

Be mindful of filling out internet forms. Don’t click on the “I want to receive information”, box unless you truly trust the company. Even if the company is reputable, your email could possibly be passed on to other lists.

• Don’t store important information in your “Sent” folder

Bank account information, credit card numbers, and passwords are not safe in your “Sent” folder. These details can be picked up by spammers very easily.

• Make recovery questions hard

Questions like your first job or your mothers maiden name can be found very easily. Choose something harder, or if possible  make up your own question.

Unless we are aware of the possibilities of how these cyber criminals are take our identity and personal info, we will not know who to prevent it from happening.  Make sure you always have strong passwords and an up-to-date anti-virus on your computer.  Be cautious when connecting to open Wifi spots and consider a multi-factor authentication to add extra security to your system.   Fortunately, the U.S. Federal Government and email service providers have been taking steps to reduce and hopefully eliminate spam email.

References:
Bulletproof Inbox: Tips for staying safe (and sane) on email – WeLiveSecurity
http://www.welivesecurity.com/2013/08/02/bulletproof-inbox-tips-for-staying-safe-and-sane-on-email/
August 2, 2013
Ten Scariest Hacking Statistics – StopTheHacker
http://www.stopthehacker.com/2012/04/20/ten-scariest-hacking-statistics/#.UgUTM2009qY
April 20, 2013
Email hacking – Wikipedia
http://en.wikipedia.org/wiki/Email_hacking
What is Email Spam? – Comm100
http://emailmarketing.comm100.com/email-marketing-ebook/email-spam.aspx

Thumbnail image courtesy of [Stuart Miles] / FreeDigitalPhotos.net

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Pelosi Saves NSA Phone Metadata Program!

The NSA's spying program was almost terminated by congress until San Francisco Representative Nancy Pelosi stepped up and saved it.  Nancy Pelosi, California's 12th district saves the NSA phone metadate program.  Pelosi worked to kill the Amash amendment to the 2014 Defense Appropriations Bill.  The Amash's amendment took away the funds of the NSA's domestic phone record program, which collects metadata on all called within the United States.

The slim margin of 205 to 217 almost passed.  Rep. Pelosi worked undercover to convince numerous Democrats to vote against the amendment.

Foreign Policy

Foreign policy also know as foreign relations, consists of interest strategies chosen by the state to safeguard it's national interests and to achieve its goals within the international relations millieu. - Wikipedia

According to Foreign Policy, a Democrat told publication, "Pelosi had meetings and made a plea to vote against the amendment.”

The aide also said the "“Pelosi had a big effect on more middle-of-the road hawkish Democrats who didn’t want to be identified with a bunch of lefties” in their favor was the gutting of funding that the NSA insists is key to protect the national defense.

Not surprisingly, the Democrat in favor of the NSA's surveillance programs, managed to split the Congresses decision in half.  Although, this split was not along the norm of party lines.  Both of the parties; Democrats and Republicans voted for as well as against the amendment.  Rep. Pelosi's district does make her vote and lobbying efforts very curious.  Nancy Pelosi is the single representative of San Francisco, which holds a large industry of technology and it's occupants.

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:

Hey San Francisco, Your Rep. Pelosi Saved The NSA Phone Metadata Program - TechCrunch
http://www.hyphenet.com/blog/pelosi-saves-nsa-phone-metadata-program/



Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

America's Building Serious Cybersecurity Framework

Everyday in this country we rely on infrastructures to get us from point A to B.  The bridge we cross to get to work, the elevator we take to get to the doctors and the school we take our children to for their education and

refinement.  Critical infrastructures are made up of bridges, power supply, medical facilities, telecommunications networks, and more.   More so now, we rely on cyber infrastructures like working on our laptop from home to have a business meeting.  Or Skyping with the grandparents that are across the country so they can see how big their grandchildren are getting.

In this day, the critical infrastructure relies on digital systems of calculation and communication, most widely known as "cyber."  We've all heard of those cyber criminals hacking into our computers.  Gather our personal information, getting into our emails, stealing our identity.  Our cyber infrastructure is under attack and it seems like no one knows what to do about it or how to stop it.  We are helpless and lost, our computers are being invaded with malware and viruses while we watch.  No worries though,  America is taking charge and building a critical infrastructure cybersecurity framework.

 

Land of the Great

In February, President Obama issued an executive order to improve cybersecurity.  He intends to promote better protection of the country's infrastructure from cyber attacks that are growing in our economy and national security.  This week, that executive order is taking place here in San Diego-home of ESET North America at the University of California, San Diego (UCSD) and the National Health Information Sharing and Analysis Center (NH-ISAC) are hosting the 3rd Cybersecurity Framework Workshop today July 10 until Friday, July 12, 2013.  The intent is to work with stakeholder to organize a voluntary framework for reducing cyber risks.

 

Executive Order 13636, Improving Critical Infrastructure Cybersecurity, has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructures. This cybersecurity framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement. - National Institute of Standards and Technology (NIST)

 

The San Diego event will have sessions that go into the depths of cybersecurity functions and it's workings.

• Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals


• Prevent – Categories of management, technical, and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.


• Detect –Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.


• Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.


• Recover – Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.

The next chapter is to observe the key categories and subcategories for the above functions.  They will examine the standards, guidelines, and practices for each suite and lower groups alike.  The US business and government agencies are hyper focusing on criminal hacking attacks and acts of cyber warfare, which is believed to be the work of state sponsored foreign agencies and home-grown hacktivist groups.   Online registration for the San Diego workshop is closed and already under way.  You may still register today at Madneville Auditorium, University of California, San Diego, 9500 Gilman Drive, La Jolla, California.

So know that America is seeing this epidemic of cyber criminals on the rise and we are doing something about it.  We are taking charge and fighting.

 

Image courtesy of [Victor Habbick] / FreeDigitalPhotos.net

References:
A cybersecurity framework to protect digital critical infrastructure
http://www.welivesecurity.com/2013/07/08/a-cybersecurity-framework-to-protect-digital-critical-infrastructure/
Published July 8, 2013

3rd Cybersecurity Framework Workshop, July 10-12, 2013, San Diego, CA
http://www.nist.gov/itl/csd/3rd-cybersecurity-framework-workshop-july-10-12-2013-san-diego-ca.cfm

What Jay-Z and Beyonce don't want to share with you.

The list of top celebrities and important political figures keep growing as their financial information is being compromised.  Jay Z, Beyonce, Britney Spears, Donald Trump, Kim Kardashian, Hillary Clinton, Joe Biden, and LAPD Chief Charlie Beck are among those unfortunate accounts.  This hacker posted detailed information about these VIP's giving up personal information and financial status.  The website in which all of the juicy info appeared with their social security numbers, mortgage amounts, credit card info, and other banking info available for the world to see.

The LAPD has already launched an investigation. The FBI is looking into it. - LAPD

They are giving viruses too

If you search for these celebrities watch out, they are giving out viruses too.  Cameron Diaz is the celebrity most likely to give you a computer virus.  You have a one in ten chance of stumbling upon these sites.  Here is a list of dangerous celebrities to research:

1. Cameron Diaz - 19% of sites and screensavers were identified as malicious.


2. Julia Roberts - 20% chance of downloading a photo or wallpaper burdened with malware.


3. Jessica Biel - Last years Most Dangerous Celebrity to look up.


4. Gisele Bundchen - Worlds highest paid supermodel, 15% results in spyware, malware or computer viruses.


5. Brad Pitt - Files can put adware or spyware on your computer.


6. Adriana Lima - Directs you to red-ranked sites.


7. Jennifer Love Hewitt - Risky downloadable websites.


8. Nicole Kidman - Take your chance if you want to but I wouldn't.


9. Tom Cruise - After Knight and Day, he's trouble to look up.


10. Heidi Klum - Cybercriminals used her to lure people to risky sites.


11. Penelope Cruz - Be aware of red sites if you search for Penelope.


12. Anna Paquin - Searching screensavers can lead you to tons of malware.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


Image courtesy of [chanpipat] / FreeDigitalPhotos.net

[via:Buzzfeed, TMZ]

Phishing Scams: Think Before You Click

Cyber-criminals are installing malicious software onto your computer and taking everything they can with a click-of-the-mouse.  Phishing emails, scam websites, and suspicious phone calls are all designed to make them money at your expense.   With the use of social engineering, cyber-criminals are able to convince people to install malicious software without you knowing you are handing over your personal information.  So beware when you start seeing spam mail bombarding your accounts or annoying unknown numbers popping up on your phone.

Recognizing Phishing 

Online banking and e-commerce are pretty safe, but giving out your personal information or financial material should be done with caution.

1. Think before you click.

If something looks too good to be true, it most likely is.   Be aware of the websites you are on and information they contain so you don't get caught up in the glitz and glam of a thought out scam. If there are a lot of spelling errors or bad grammer, know that it might be a scam.

2. Trust who you know, not their emails

Don't trust unsolicited files or embedded links, even if it's from your friend. Look at the subject line of your message or link to determine if it's unreadable or looks foreign. If you have no idea what is on the page, don't click on it just to satisfy your curiosity. Be smarter than the malware.

3. Don't be fooled

Cyber-criminals are smart, they know ways to disguise a link to make it look as if it's something safe. Malicious links are sometimes disguised in phishing e-mails with known company's to make you think they are legitimate. Validate the page and roll your cursor over the link to see if another link shows up, you will know if this link will redirect you to another site or not.

4. Short URL's

A technique for hiding malicious links are hiding it through a URL shortener. This is a service that Twitter uses to shorten long URL's. TinyURL, bit.ly, and t.co are all legitimate Short URL services that can be used.

5. Don't be threatened

Be on top of your game. Cyber-criminals often use a threats to put you into a panic and catch you off guard. If you receive mail that you are being sued or an account is being closed, make sure you do some research before pulling out your pocketbook.

6. Spoof websites

Scammers use graphics in emails that appear to be attached to a legitimate site. When clicking on these websites it will direct you to the real site but penetrate your screen with a mass amount of pop-up windows. Be wary ofirresponsible clicking when surfing the net.

Fishy phone calls

Cyber-criminals might call you to offer help with solving computer problems, or sell you some kind of software license. Do not take these unsolicited phone calls. You might be persuaded into giving out your account information or personal information that could be the birth of identity fraud.


If you are a victim or are suspicious of any phishing activity, please report to Anti-Phishing Workers Group at www.antiphishing.org.

 Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

http://www.welivesecurity.com/2013/05/29/phishing-the-click-of-death/

http://www.antiphishing.org/

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Are Facebook and Microsoft Giving the Government your PersonalInformation?

Microsoft, Facebook Make No Mention of Government Requests

Earlier on, Microsoft and Facebook had requested their users to input personal data and said that it was as per the direction of authorities of the US government. When asked later what matter the information was for, the companies only said that they are still unable to disclose what matter the information was for. Some say that it was to help the search of a missing child. However, many people are upset by the way the companies sidelined the users and did not make any mention of the reason for taking personal data from the users.

Why People Are Upset

Some information may have actually been needed for certain operations regarding national security. But the people of America feel that having been active participants in the matter, they deserve some reconciliation. They feel they should know how their acceptance of allowing their personal details being given to the government has helped. It is understandable that this may have been for a very good cause, however, some are unhappy at the breach of privacy without good reason so far.

Facebook and Microsoft’s Comments on the Matter

The companies mentioned on their corporate blogs that they have been swamped by thousands of queries and comments sent in by users. They also mentioned that they are allowed to give out any data which the government deems to be a matter of national security. This may even include FISA Orders or Directives, according to John Frank, the current deputy counsel at Microsoft.



 Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

Facebook can now say more on user surveillance
http://www.foxnews.com/tech/2013/06/15/facebook-can-now-say-more-on-user-surveillance/
Published June 15th, 2013

Facebook Microsoft Government Broader Surveillance Revelations
http://www.nydailynews.com/news/national/facebook-microsoft-government-broader-surveillance-revelations-article-1.1373545
Published June 15, 2013

Microsoft and Facebook Release Number of National
http://www.fool.com/investing/general/2013/06/15/microsoft-and-facebook-release-number-of-national.aspx
Published June 15, 2013

Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

Image courtesy of [Free Digital Photos] / FreeDigitalPhotos.net

Malware on the Rise

Microsoft is clearly the industry leader in terms of operating system and it still has a firm hold over that position. In recent times, the company has had a quiet time in terms of security risks, especially after the introduction of  Windows 8. However, a new type of malware is being distributed for the Windows OS through German spam that affects the boot record of the infected computer. Also, this malware can also give the hacker control of the infected computer.

Distributed Via Attachment

Trend Micro was the company that was responsible for the detection of this new type of malware. The researchers who analyzed this malware said that it was attached to the German spam mail, and is code named BKDR_MATSNU.MCB. The mail will claim that the recipient has to pay some money to the sender, and all the relevant details have been attached to the mail. Trend micro researchers claimed that this method is very effective in influencing the recipients to open the attachment.

Ransomware Reaction

Once the malware is downloaded and installed on the victim’s computer, the data is collected and sent to the hacker who planted the malware. Once that is done, the malware is capable of erasing the boot record on the drive, erasing data, and also locks the screen of the computer. The victim is then asked to pay a certain sum of money if the screen has to be unlocked, the classic ransomware approach.

 

Links:

German Ransomware Threatens Victims, Disables PCs | Security ...

www.technewsdaily.com/18282-german-ransomware-disables-computers...‎

6 days ago – If you become a victim of the BKDR_MATSNU.MCB ransomware, getting it off of your system may not be as simple as running a virus scan.

 

Compromised Japanese Sites Lead to ... - Threat Watch

www.trendmicro.eu/smartphone/content.php?m=TrendLabs...i...‎

Jun 5, 2013 – Like any backdoor, BKDR_MATSNU.MCB performs certain malicious commands, which include gathering machine-related information and ...

 

Backdoor.AndroidOS.Obad.a, an Advanced Android Malware Threatens Users

http://thedroidguy.com/2013/06/backdoor-androidos-obad-a-an-advanced-android-malware-threatens-users/

Jun 8, 2013 - A known computer security company revealed that there is an advanced Android malware..

 

Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

 

Microsoft Issues Worldwide Virus Alert

The talk and the footprint of computer viruses in the online world had reduced significantly in the last year. Hackers and online miscreants had moved on to other methods of attacking computers as viruses were considered to be too weak. But Microsoft recently announced that the trend is all set to change in the coming days. A security expert from the IT giant said that hackers were reverting back to the usage of viruses and coming up with innovative attack vectors. He said that this year, the world will witness a significant increase in the usage of viruses for attacking computers (both personal and corporate).

Low Broadband Penetration Rate

Tim Rains, the security expert who announced the news, said that Microsoft was monitoring the virus trends on the World Wide Web and noticed a spike in the volume of viruses for the first time. He said that low broadband penetration rate has increased the chances of a computer getting infected with any of the malicious software, including Trojans and worms. He said that this trend is being exploited by hackers and they are using viruses more actively to infect broadband connected computers (which is almost every internet enabled computer today). Microsoft also added that they had traced the infections to as far as Egypt, Pakistan, and Bangladesh.

Viruses Are Easy to Eliminate

Rains said that even today, viruses are very easy to be removed as their signatures can be easily detected and tracked. He said that users are expected to keep their anti-virus systems updated which will significantly reduce the chances of being attacked by a virus.

[via NBC News ]

Malware Threat to ATMs

Malware has been a big threat to computers and there have been a lot of problems caused by this type of malicious software. As if that was not enough, a forensics and security threat firm has announced a threat that malware can be used to target ATMs. Group-IB, the firm that announced these findings, said that malware can be used to collect data from the ATMs or swiping machines, and hack into the bank accounts. According to the study, the malware stores the data and sends it to the hacker who planted the malware whenever a network connection is available for transmission.

A Few Researchers Disagree

While Group-IB discussed their findings, the Director of Research at the University of Alabama, Gary Warner, said that malware cannot be used in the way Group-IB is announcing. He said that ATM networks are secured at multiple levels and something as simple as malware cannot get through the layers of encryption and firewalls. Typically, malware tries to exploit the weaknesses in the security that protects a system.

Bank Networks Vulnerable from Inside

Warner added that banks don’t have to worry about the attacks from the outside. He said that banks should worry more about someone from the inside planting malicious software into the bank networks as that is where the vulnerability is at its highest. He said that an auto load malware can be inserted as easily as plugging in a USB drive into the computer.The jury is still out on whether malware can affect banks from the outside or not, but the question is how severe the repercussions will be in case malware does attack a bank network.

[via Bank Info Security]

Texas Plant Explosion Spam Leads to Malware Attack

Considering cybercriminals jumped on the opportunity to spread malware by sending spam related to Monday’s Boston marathon bombing, it’s not all that surprising that they’re now doing the same with yesterday’s fertilizer plant explosion in West, Texas.

Here are some of the subject lines to watch out for:

• West TX Explosion


• Waco Explosion HD


• Texas Plant Explosion


• Texas Explosion Injures Dozens


• CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas


• Raw: Texas Explosion Injures Dozens

Like the marathon-themed emails, the spam messages tied to the new fertilizer plant explosion trick users into following malicious links by promising video footage of the devastating event.

Image Credit: Sophos

While it’s true that the victim is presented with a series of embedded videos related to the incident, they are also being exposed to the misdeeds of the Redkit exploit kit, which will use Adobe PDF or Java vulnerabilities to silently install malware on the victim’s computer.

Avoiding these attacks should be relatively easy – don’t follow links in unsolicited emails. Aside from that, keeping your operating system (& installed software) up-to-date and running antivirus software should help your PC remain malware-free.

Have you received any suspicious emails related to the plant explosion or marathon bombing? Share your experiences below and get the word out to help protect others!

[via Sophos][via AppRiver]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

• Explosion[s] at Boston Marathon


• Boston Explosion Caught on Video


• Aftermath to explosion at Boston Marathon


• Video of Explosion at the Boston Marathon 2013


• Runner captures. Marathon Explosions


• 2 Explosions at the Boston Marathon

The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACk.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe

Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

• Do not click links or download files attached to unsolicited emails.


• Stick to the official websites of your favorite news channel to get the latest updates.


• Keep your operating system and installed third-party software fully patched and up-to-date.


• Always run antivirus software and keep the virus definitions current.

Did You Already Fall for It?

Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

American Airlines Spam Spreads Backdoor Trojan

Webroot is cautioning users not to fall for spam emails posing as a notification from American Airlines stating that their ticket is all set and ready for download.

This spam campaign isn’t exactly new, although previous versions may have had malicious files attached directly to the email itself.

Here’s what the current variant looks like:

 

American Airlines

Customer Notification

Your bought ticket is attached to the letter as a scan document.

To use your ticket you should Download It.

The embedded link will prompt users to download an executable, “Electronic Ticket.exe” that only 10/46 antivirus will identify as malware.

Dr. Web antivirus detects the threat as BackDoor.Kuluoz.4. Once it has infected your system, BackDoor.Kuluoz.4 will modify system files, inject itself into system processes and connect to a list of command & control servers.

Did You Get this Spam Email?

If you received a copy of this spam email, it is advised that you:

• Do not click on any links within the email.


• Do not download any files that may be attached or linked from this email.


• Forward a copy of the email, including the header to webmaster@aa.com.


• Delete the email immediately.

If You Downloaded Any Files...

If you made the mistake of clicking the link or opening any files attached to spam emails resembling the one above, you are advised to perform a full system scan using an antivirus solution offered by one of the following vendors:

• Dr. Web


• Sophos


• Kaspersky

Their products are capable of detecting and removing the threat associated with this attack. Be sure to be more careful in the future!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Watch Out for Fake HP Printer Scan Emails

Keep an eye out for fraudulent emails claiming that a document was scanned and sent to you from your office Hewletter-Packard ScanJet printer.

Sophos warns that spammers are once again sending out bogus scan-to-email notices in an attempt to dupe users into clicking malicious links that lead to websites serving malware.

Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet #1788378

A document was scanned and sent to you using a Hewlett-Packard HP9289197

Sent to you by: PEARLIE
Pages: 3
Filetype(s): Images (.jpeg) View

This isn’t the first time that spammers mimicked document-to-file scan notifications, but previous attempts involved malicious file attachments vs. links in the email itself.

The malware served in the attack was not disclosed; however, the websites associated with this attack are rigged with the BlackHole exploit kit, which typically leverages PDF, Flash & Java vulnerabilities in order to plant malware on the visiting machine.

So, keep your computer safe by:

• Not following links embedded in unsolicited emails – at least not without investigating them first.


• Running antivirus software that offers real-time scanning & keep the virus definitions current. (Btw, Sophos blocks the page as Mal/ExpJS-N.).


• Keeping your operating system and third-party software fully patched & up-to-date.

If you’ve already clicked the link, run a full system scan to detect & remove any potential malware that may have been installed on your computer.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Experian Spam Used to Spread Data-Stealing Trojan

Don’t open any files attached to emails purporting to be from Experian, claiming that a “key change” has been posted to “one of your three national credit reports.”

Spammers are pumping out Experian phishing emails in an attempt to infect as many computers as possible with malware.

Below is a copy of the email to watch out for:

From: Experian
Subject: IMPORTANT – A Key Change Has Been Posted

Experian

Membership ID #932823422

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian, Equifax, and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:

• View detailed report by opening the attachment.


• You will be prompted to open (view) the file or save (download) it to your computer.


• For best results, save the file first, then open it in a Web browser.


• Contact our Customer Care Center with any additional questions.

Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

© 2013 Consumerinfo.com, Inc.

The danger of this email lies within the attached file, Credit_Report_XXXXXXXXX.zip which contains an .exe file with the same name and a misleading PDF icon. A virus total scan of the exe reveals that it is actually PWS:Win32/Fareit, and not a credit report as the email suggests (big surprise there).

Did You Receive This Email?

If this email lands in your inbox, be sure that you:

• Do not download or open any attached files.


• Report the email to SpamCop.


• Delete the email immediately.

Did You Already Open the Attached File?

According to Virus Total, 29/46 antivirus programs are capable of detecting the threat associated with this spam campaign, so double-check the VT results and make sure your antivirus can catch it.  Then, do a full system scan and remove any detected threats.

[via DataProtectionCenter.com]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Spam: Surprise! That 40% Apple Discount Coupon is Actually ZeuS Banking Malware

If you get an email offering a coupon to get 40% off Apple products – don’t open the file attached!

Spammers have been sending out emails with bogus coupons that can allegedly be used to shave 40% off the cost of a shiny new iMac, Macbook, or whatever other Apple product the recipient chooses to use it on.

Unfortunately, the only thing enclosed in the file attached to the email, Apple coupon.zip is a copy of the ZeuS Trojan, which will cost the victim money - not help save it - since it steals banking information.

Here's the email to watch out for:

From: Apple Inc.
Subject: You are the one!

One out of thousand!

Only 1000 people have been chosenas winners and you turned out to be one of them!

We?d like to offer you a 40% discount coupon for any Apple production (it?s attached to this email). You can buy a MacBook, iPod, iPhone or anything else Apple products you want! All you need to do is print it out and present at the checkout.
So, next time you go to BestBuy, Circuit City or Apple Store you are able to save up to 40% of any purchase of Apple production.

The discount coupon is accepted in Circuit City, Apple Store ot BestBuy

All the rules and detailed information about the lottery are also can be found in the attachments to this email.

Congratulations!

Did You Get This Email?

If you get an email like the one above, it is recommended that you:

• Do not download or open any files attached to it.


• Report the email to SpamCop.


• Delete the email immediately.

[via Barracuda]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are extorting the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:

Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 

Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users that make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm: Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!

Given that this threat requires user-interaction, avoiding it should be relatively simple.

• Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.


• Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).


• Always keep your operating system and installed third-party software patched and up-to-date.


• Always run antivirus software that offers real-time scanning and keep the virus definitions current.

Too Late?

Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

"CIA 'Deleted' Hugo Chavez" Spam Leads to Malware Attacks

Do not let curiosity get the best of you (and your PC) if an email drops in your inbox suggesting that the CIA and FBI played a role in the death of Venezuelan President, Hugo Chavez.

Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.

Below is an example email that Kaspersky researchers warn users not to fall for:

Subject: CIA “DELETED” Venezuela’s Hugo Chavez?

Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.

Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.

Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez

To no surprise, the exploit code on the malicious sites attempt to leverage a [patched] vulnerability within the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar to you, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)

The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.

Tips to Stay Safe

Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:

• Always keep your operating system and installed third-party software fully patched and up-to-date.


• Always run antivirus software that offers real-time scanning and keep the virus definitions current.


• Do not click hyperlinks embedded in unsolicited emails.


• Do not download or open files attached to unsolicited emails.


• Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.


• Remain vigilant when surfing the web – dangers lurk everywhere!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:

Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service.Your account might be permanently suspended.

If you think this is a mistake,please verify your account on the link below.This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity,and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account

Users can minimize their chances of falling for this Facebook phishing scam – or any others by following these few bits of advice:

• Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.


• Always double-check the URL in your address bar before entering any confidential information, including login credentials.


• Beef up your Facebook account security by enabling login notifications and login approvals.

Did You Fall for This Scam?

If you have already fallen for this scam:

• Change your password immediately - if you still can.


• Check out the 'Hacked Accounts' section of Facebook's Help Center.

[via Hoax-Slayer]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Adobe Confirms 0-Days in PDF Reader & Acrobat, Says Patch in the Works

Adobe has confirmed the existence of two critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat that are actively being exploited in targeted attacks.

FireEye researchers first spotted the exploit earlier this week, and revealed attacks involved a malicious PDF disguised as an international travel visa application that would drop 2 DLLs onto the target system upon successful execution.

Although these attacks appear to target Windows users, Adobe’s security advisory notes that the vulnerabilities affect Adobe Reader & Acrobat for other operating systems:

• Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh


• Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh


• Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux


• Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh


• Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh


• Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Protect Yourself

Adobe is currently working on a patch to fix the security holes, and advises users to enable Protected View in the meantime:

• Menu -> Edit


• Selecting Preferences


• Clicking Security (Enhanced)


• Pick “Files from potentially unsafe locations”

Adobe also advised enterprise administrators that they can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. (More information on that here.)

Aside from that, try not to open any suspicious PDF files sent from untrusted sources (for instance, an unsolicited email).

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

New Adobe PDF Reader & Acrobat 0-Day Exploit Spotted

FireEye is warning users not to open PDF files sent from unknown/untrusted sources following the discovery of a a new zero-day vulnerability that’s actively being exploited in-the-wild.

The attack begins with a booby-trapped PDF - which may be masquerading as an application for an international travel visa -that drops 2 DLL files on the target machine should the exploit code be executed successfully.

“The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks “ FireEye researchers explain in a Tuesday blog post, "The second DLL in turn drops the callback component, which talks to a remote domain. "

Zheng Bu, Senior Director of Security Research at FireEye told Threatpost that this exploit is the first to bypass the sandbox in Adobe Reader X and higher.

FireEye notified Adobe of the bug, and has agreed to avoid posting technical details of the zero-day until further notice. FireEye was able to successfully execute this attack in Adobe Reader 9.5.3, 10.1.5 and 11.0.1.

Adobe is currently investigating the bug and will release an update once they have more information.

Until then, be sure that you do not open PDF files from unknown or untrusted sources.

Update: Adobe has confirmed the vulnerabilities discovered by FireEye & promises to release a patch soon.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+