Showing posts with label internet scam. Show all posts

Monday, June 16, 2014

‘Prayers for Likes’ Facebook Scam

Pictures of sick babies circulate through social media sites, especially through Facebook.

These images are of sick children, less fortunate families, and persons with deformities.


One example shows a sick baby with hospital equipment in the background, with a caption claiming that liking the image equates to a prayer for the child while sharing equates to one hundred prayers.

The disgraceful scam is designed to accumulate likes for a Facebook Page and promote the Page for more shares.

The image of the baby was stolen from a personal Facebook profile and is being circulated without the permission of the baby’s parents.

This is how most Facebook scams work. Pictures are stolen from their rightful owners and then distributed without authorization to share them.

Tragically, the baby in the picture passed away only two weeks after she was born.

The message continued to circulate, causing great distress to the baby’s family.

If you see messages like this on Facebook, please do not like or share it.

Analysis

Liking and sharing these like-farming messages will not help the baby or the baby’s family in any way. The message is just one in a long line of sick baby hoaxes that falsely claim that you can help a baby by liking or sharing the message.



Some messages claim that money will be donated in exchange for liking or sharing.  Others declare that liking and sharing equates to prayers for the child.

The people who create these messages are driven by greed and selfishness.

This precious baby passed away April 2014, just weeks after she was born.

Whether or not you believe that prayers will help, the real intention of this scam is not pure.

Facebook has removed some of these messages and continues to take them down in a timely manner.

Although there have been numerous reports, some messages still continue to circulate with no action taken.

If you see scams like this, please report them to Facebook as soon as possible.

Report a scam:

https://www.facebook.com/help/344403945636114/

http://facecrooks.com/Internet-Safety-Privacy/How-to-report-a-Facebook-scam.html/

What Facebook scams have you come across lately?  Please share your experience and help us take control over these cruel messages.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

‘Prayers for Likes’ Facebook Sick Baby Scam – Hoax-Slayer
http://www.hoax-slayer.com/prayers-for-likes-facebook-scam.shtml

Thursday, May 15, 2014

WARNING: Microsoft tech-support scam responsible for $175,000 loss


Police are warning computer owners about a scam involving a bogus company claiming to be Microsoft’s technical support.

The calls are not coming from Microsoft’s technical support department; Microsoft is not involved in any way.

An 84-year-old man from Edmonton has lost over $175,000 in the past two years to these cyber-criminals.
The scammers contacted the victim almost daily.

At the beginning, he took a phone call from someone claiming to be from Microsoft, who then informed the man he had a virus on his computer and they would fix it for $200.

The man gave them his credit card number and was charged $600.

The victim noticed the amount taken from his credit card and contacted what he believed was Microsoft to get a refund.

The fraudsters told him that in order to get his refund, he needed to wire them money to get a transaction started.





The man became so obsessed with receiving the refund document it affected his daily routine.  He wouldn’t attend family functions or even take a shower the day he thought the delivery would arrive.

When the man’s family tried to intervene, he started hiding his interactions with the scammers from them.

“He was lonely. His whole day revolved around these phone calls,” stated Detective Bill Allen. “Whenever he ran into a stumbling block in the whole scheme, they would give him instructions on how to get around those stumbling blocks.
“These people have this guy totally under their control.  Even to this day, he feels I interfered with his document. He wasn’t understanding that he was being deceived and there was not going to be a refund, and it didn’t matter if he sent $100,000.”

It is believed that the fraudsters are operating out of India.  The Detective said Western Union shut down wire transfer outlets in that country because they were being used excessively to receive hustled money.

Senior citizens are particularly vulnerable to these types of scams.  This is partly because they do not realize how advanced computer technology is.  Seniors also tend to be more trusting and do not understand how slick cyber-criminals are.

Allen said many victims are afraid to admit to relatives they have been deceived, as it may convince relatives they can no longer live independently.




Learn the ways to protect yourself from telephone tech support scams:
  1. Do not purchase software or services from callers
  2. If there is a fee or subscription, do not comply
  3. Never hand over control of your computer unless you can verify the company’s legitimacy
  4. Take down the caller’s information and report them
  5. Never provide your credit card or financial information

One-third of attempted scams are successful.  These cyber-criminals are professional pirates.

If you have been a victim of a cyber scam, you can go to these sites to report it.

http://www.ic3.gov/default.aspx
http://www.stopfraud.gov/report.html
http://www.bbb.org/council/bbb-scam-stopper/
http://www.consumer.ftc.gov/articles/0076-phone-scams


References:

By Keith Gerein, Edmonton Journal
Police warn about computer tech-support scam after Edmonton man loses $175,000
Published May 14, 2014
http://www.edmontonjournal.com/Police+warn+about+computer+tech+support+scam+after+Edmonton+loses/9835538/story.html

Friday, August 9, 2013

How to keep your email safe…

Spam isn’t only annoying; it is also dangerous to users. Attackers often send vast broadcasts with misleading IP addresses and email addresses. Over 27 million Americans have been victims of identity theft in the past five years. More than 9 million people found their identities were stolen last year alone.

If a spammer gets hold of both a company’s email address and IP address, the impact can be disastrous. The company’s Internet connection would be terminated by its Internet Service Provider (ISP) if its email address is added to the blacklist of spamming addresses. It is very important to guard all gateways of a network. Having a firewall and anti-virus software sometimes isn’t enough to keep you safe. An intrusion detection system (IDS) is good to have; this system makes sure nobody is able to access your network without permission.

We have gotten a little wiser when it comes to email spam and scams. Cybercriminals are also doing their homework and becoming more clever with these scams. An email scam might start out with a bill that’s owed or even a wedding invitation from a friend.

Here are a few tips for keeping your email safe:

  • Look at the IP address
Check the link from the sender by hovering over the email address, and make sure the link looks legit and makes sense.

  • Be careful with shortened URLs
Twitter uses URL shorteners, but be cautious if you receive one in your email. Ask yourself why anyone would not want to show the company they are sending an email from.

  • Telephone numbers aren’t guaranteed
Even if the email looks professional and has a telephone number, it can be a cyber-criminal trick. The phone number may lead you to a scammer requesting personal information.

  • Don’t give out your email address
Giving out your email address is a bad idea. Electric companies in the U.S. were targeted with a “spear phishing” attack, which used information on company websites. Also be wary of making your email address public on social networks or Craigslist.

  • Don’t auto load images
Don’t configure your email settings so that images are downloaded automatically. Doing so sends a signal to spammers: the images sent to you are stored on their servers with your email address connected to them.

  • Don’t spam yourself
Be mindful when filling out internet forms. Don’t click on the “I want to receive information” box unless you truly trust the company. Even if the company is reputable, your email could possibly be passed on to other lists.

  • Don’t store important information in your “Sent” folder
Bank account information, credit card numbers, and passwords are not safe in your “Sent” folder. These details can be picked up by spammers very easily.

  • Make recovery questions hard
Answers to questions like your first job or your mother’s maiden name can be found very easily. Choose something harder, or if possible make up your own question.

Unless we are aware of how these cyber criminals can take our identity and personal info, we will not know how to prevent it from happening. Make sure you always have strong passwords and an up-to-date anti-virus on your computer. Be cautious when connecting to open Wi-Fi spots and consider multi-factor authentication to add extra security to your system. Fortunately, the U.S. Federal Government and email service providers have been taking steps to reduce and hopefully eliminate spam email.

References:
Bulletproof Inbox: Tips for staying safe (and sane) on email – WeLiveSecurity
http://www.welivesecurity.com/2013/08/02/bulletproof-inbox-tips-for-staying-safe-and-sane-on-email/
August 2, 2013
Ten Scariest Hacking Statistics – StopTheHacker
http://www.stopthehacker.com/2012/04/20/ten-scariest-hacking-statistics/#.UgUTM2009qY
April 20, 2013
Email hacking – Wikipedia
http://en.wikipedia.org/wiki/Email_hacking
What is Email Spam? – Comm100
http://emailmarketing.comm100.com/email-marketing-ebook/email-spam.aspx

Thumbnail image courtesy of [Stuart Miles] / FreeDigitalPhotos.net


Thursday, August 8, 2013

Infographic: Top 10 Internet and Email Scams

Internet scams are still on the rise, taking innocent people for their money every second. With most of the population browsing the internet on a daily basis, we sometimes forget there are lurkers out there waiting to catch us off guard. These internet scammers are trickier and smarter than ever. Here is an infographic of the top 10 internet and email scams we are seeing today.

[Infographic: Top 10 Internet and Email Scams]



Wednesday, July 10, 2013

America's Building Serious Cybersecurity Framework

Every day in this country we rely on infrastructure to get us from point A to B: the bridge we cross to get to work, the elevator we take to get to the doctor's, and the school we take our children to for their education and refinement. Critical infrastructures are made up of bridges, power supply, medical facilities, telecommunications networks, and more. More so now, we rely on cyber infrastructure, like working on our laptop from home to have a business meeting, or Skyping with the grandparents who are across the country so they can see how big their grandchildren are getting.

In this day, the critical infrastructure relies on digital systems of calculation and communication, most widely known as "cyber." We've all heard of those cyber criminals hacking into our computers, gathering our personal information, getting into our emails, stealing our identity. Our cyber infrastructure is under attack and it seems like no one knows what to do about it or how to stop it. We are helpless and lost; our computers are being invaded with malware and viruses while we watch. No worries though, America is taking charge and building a critical infrastructure cybersecurity framework.

 

Land of the Great


In February, President Obama issued an executive order to improve cybersecurity. He intends to promote better protection of the country's infrastructure from cyber attacks, which are a growing threat to our economy and national security. This week, that executive order is taking shape here in San Diego, home of ESET North America: the University of California, San Diego (UCSD) and the National Health Information Sharing and Analysis Center (NH-ISAC) are hosting the 3rd Cybersecurity Framework Workshop from today, July 10, until Friday, July 12, 2013. The intent is to work with stakeholders to organize a voluntary framework for reducing cyber risks.

 
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructures. This cybersecurity framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement. - National Institute of Standards and Technology (NIST)

 

The San Diego event will have sessions that go into the depths of the cybersecurity functions and their workings.

  • Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals

  • Prevent – Categories of management, technical, and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.

  • Detect – Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.

  • Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.

  • Recover – Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.


The next step is to look at the key categories and subcategories for the above functions. Participants will examine the standards, guidelines, and practices for each category and subcategory alike. US business and government agencies are hyper-focused on criminal hacking attacks and acts of cyber warfare, which are believed to be the work of state-sponsored foreign agencies and home-grown hacktivist groups. Online registration for the San Diego workshop is closed and the workshop is already under way. You may still register today at Mandeville Auditorium, University of California, San Diego, 9500 Gilman Drive, La Jolla, California.

So know that America is seeing this epidemic of cyber criminals on the rise and we are doing something about it.  We are taking charge and fighting.

 

Image courtesy of [Victor Habbick] / FreeDigitalPhotos.net

References:
A cybersecurity framework to protect digital critical infrastructure
http://www.welivesecurity.com/2013/07/08/a-cybersecurity-framework-to-protect-digital-critical-infrastructure/
Published July 8, 2013

3rd Cybersecurity Framework Workshop, July 10-12, 2013, San Diego, CA
http://www.nist.gov/itl/csd/3rd-cybersecurity-framework-workshop-july-10-12-2013-san-diego-ca.cfm

Monday, July 8, 2013

What Jay-Z and Beyonce don't want to share with you.

The list of top celebrities and important political figures whose financial information is being compromised keeps growing. Jay Z, Beyonce, Britney Spears, Donald Trump, Kim Kardashian, Hillary Clinton, Joe Biden, and LAPD Chief Charlie Beck are among the unfortunate victims. The hacker posted detailed information about these VIPs, giving up personal information and financial status. The website on which all of the juicy info appeared made their social security numbers, mortgage amounts, credit card info, and other banking info available for the world to see.


The LAPD has already launched an investigation. The FBI is looking into it. - LAPD


They are giving viruses too


If you search for these celebrities, watch out: they are giving out viruses too. Cameron Diaz is the celebrity most likely to give you a computer virus. You have a one in ten chance of stumbling upon these sites. Here is a list of dangerous celebrities to research:

  1. Cameron Diaz - 19% of sites and screensavers were identified as malicious.

  2. Julia Roberts - 20% chance of downloading a photo or wallpaper burdened with malware.

  3. Jessica Biel - Last year's Most Dangerous Celebrity to look up.

  4. Gisele Bundchen - World's highest paid supermodel, 15% of results lead to spyware, malware or computer viruses.

  5. Brad Pitt - Files can put adware or spyware on your computer.

  6. Adriana Lima - Directs you to red-ranked sites.

  7. Jennifer Love Hewitt - Risky downloadable websites.

  8. Nicole Kidman - Take your chance if you want to but I wouldn't.

  9. Tom Cruise - After Knight and Day, he's trouble to look up.

  10. Heidi Klum - Cybercriminals used her to lure people to risky sites.

  11. Penelope Cruz - Be aware of red sites if you search for Penelope.

  12. Anna Paquin - Searching screensavers can lead you to tons of malware.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


Image courtesy of [chanpipat] / FreeDigitalPhotos.net

[via:Buzzfeed, TMZ]

Friday, July 5, 2013

Phishing Scams: Think Before You Click

Cyber-criminals are installing malicious software onto your computer and taking everything they can with a click of the mouse. Phishing emails, scam websites, and suspicious phone calls are all designed to make them money at your expense. With the use of social engineering, cyber-criminals are able to convince people to install malicious software without knowing they are handing over their personal information. So beware when you start seeing spam mail bombarding your accounts or annoying unknown numbers popping up on your phone.

Recognizing Phishing


Online banking and e-commerce are pretty safe, but giving out your personal information or financial material should be done with caution.

  1. Think before you click.

If something looks too good to be true, it most likely is. Be aware of the websites you are on and the information they contain so you don't get caught up in the glitz and glam of a well-thought-out scam. If there are a lot of spelling errors or bad grammar, know that it might be a scam.

  2. Trust who you know, not their emails

Don't trust unsolicited files or embedded links, even if they come from your friend. Look at the subject line of your message or link to determine if it's unreadable or looks foreign. If you have no idea what is on the page, don't click on it just to satisfy your curiosity. Be smarter than the malware.

  3. Don't be fooled

Cyber-criminals are smart; they know ways to disguise a link to make it look as if it's something safe. Malicious links are sometimes disguised in phishing e-mails that use known companies' names to make you think they are legitimate. Validate the page and roll your cursor over the link to see if another link shows up; that tells you whether this link will redirect you to another site or not.

  4. Short URLs

One technique for hiding malicious links is to put them behind a URL shortener. This is a service that Twitter uses to shorten long URLs. TinyURL, bit.ly, and t.co are all legitimate short-URL services that can be used.

  5. Don't be threatened

Be on top of your game. Cyber-criminals often use threats to put you into a panic and catch you off guard. If you receive mail saying that you are being sued or an account is being closed, make sure you do some research before pulling out your pocketbook.

  6. Spoof websites

Scammers use graphics in emails that appear to be attached to a legitimate site. Clicking on these will direct you to the real site but flood your screen with a mass of pop-up windows. Be wary of irresponsible clicking when surfing the net.




Fishy phone calls


Cyber-criminals might call you to offer help with solving computer problems, or sell you some kind of software license. Do not take these unsolicited phone calls. You might be persuaded into giving out your account information or personal information that could be the birth of identity fraud.


If you are a victim or are suspicious of any phishing activity, please report it to the Anti-Phishing Working Group at www.antiphishing.org.


References:

http://www.welivesecurity.com/2013/05/29/phishing-the-click-of-death/

http://www.antiphishing.org/

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Tuesday, May 28, 2013

Security Flaw Found in Facebook Pages Manager App for Android

Facebook Patches Privacy Flaw In Pages Manager For Android ...

Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after the details of this issue went public, Facebook Security got in touch ... a fix had been rolled out server-side, and no app update was necessary.

 

Serious Privacy Flaw In Facebook Pages Manager ... - Android Police
www.androidpolice.com/.../serious-privacy-flaw-in-facebook-pages-man...

2 days ago – Update 5/26/13 11:30pm PT: Rory from Facebook Security has informed .... Facebook Pages Manager App Updated To 1.4 With Photo Albums, ...




Privacy Flaw Found in Facebook Pages Manager ... - Softpedia News
news.softpedia.com › NewsTelecomsMobile Blog

1 day ago – Privacy Flaw Found in Facebook Pages Manager for Android. ... Facebook Messenger and Facebook Apps Updated on Android · Oppo Find 5 ...



Flaw in Facebook Pages Manager for Android makes your private messages public
http://tech2.in.com/news/android/flaw-in-facebook-pages-manager-for-android-makes-your-private-messages-public/874420


If you have Facebook’s Pages Manager application installed onto your Android devices to access your pages at any time of the day, you need to beware. If you plan on sending an image as a private message to a fan of your page, chances are that the image will get posted onto your wall for all your fans to see.


 

Thursday, May 23, 2013

Microsoft Issues Worldwide Virus Alert

The talk and the footprint of computer viruses in the online world had reduced significantly in the last year. Hackers and online miscreants had moved on to other methods of attacking computers as viruses were considered to be too weak. But Microsoft recently announced that the trend is all set to change in the coming days. A security expert from the IT giant said that hackers were reverting back to the usage of viruses and coming up with innovative attack vectors. He said that this year, the world will witness a significant increase in the usage of viruses for attacking computers (both personal and corporate).

Low Broadband Penetration Rate



Tim Rains, the security expert who announced the news, said that Microsoft was monitoring the virus trends on the World Wide Web and noticed a spike in the volume of viruses for the first time. He said that low broadband penetration rate has increased the chances of a computer getting infected with any of the malicious software, including Trojans and worms. He said that this trend is being exploited by hackers and they are using viruses more actively to infect broadband connected computers (which is almost every internet enabled computer today). Microsoft also added that they had traced the infections to as far as Egypt, Pakistan, and Bangladesh.

Viruses Are Easy to Eliminate


Rains said that even today, viruses are very easy to remove, as their signatures can be easily detected and tracked. He said that users are expected to keep their anti-virus systems updated, which will significantly reduce the chances of being attacked by a virus.

[via NBC News ]

Malware Threat to ATMs


Malware has been a big threat to computers and there have been a lot of problems caused by this type of malicious software. As if that was not enough, a forensics and security threat firm has announced a threat that malware can be used to target ATMs. Group-IB, the firm that announced these findings, said that malware can be used to collect data from the ATMs or swiping machines, and hack into the bank accounts. According to the study, the malware stores the data and sends it to the hacker who planted the malware whenever a network connection is available for transmission.

A Few Researchers Disagree


While Group-IB discussed their findings, the Director of Research at the University of Alabama, Gary Warner, said that malware cannot be used in the way Group-IB is announcing. He said that ATM networks are secured at multiple levels and something as simple as malware cannot get through the layers of encryption and firewalls. Typically, malware tries to exploit the weaknesses in the security that protects a system.

Bank Networks Vulnerable from Inside


Warner added that banks don’t have to worry about the attacks from the outside. He said that banks should worry more about someone from the inside planting malicious software into the bank networks, as that is where the vulnerability is at its highest. He said that auto-load malware can be inserted as easily as plugging a USB drive into the computer. The jury is still out on whether malware can affect banks from the outside or not, but the question is how severe the repercussions will be in case malware does attack a bank network.

[via Bank Info Security]

Wednesday, April 24, 2013

Malware Distributed from Phony SourceForge Website

Make sure you double-check the URL in your browser’s address bar or dialog window before downloading files online.

Zscaler researchers discovered that cybercriminals were taking advantage of the trusted reputation of SourceForge[.net] by distributing malware through a similar domain, sourceforgetchile.net.

The malicious file analyzed by Zscaler, minecraft_1.3.2.exe, was posing as a file associated with the popular game Minecraft, as the name suggests.

In reality, the executable file was a piece of malware closely related to the ZeroAccess Trojan that, upon a successful infection, will hide in the Recycle Bin, inject malicious code into running processes, recruit the computer into a botnet, and generate revenue for its operators by partaking in click fraud.

Thankfully this threat has a high detection rate (32/46), according to a VirusTotal report. So in the event that you downloaded the Trojan, you can perform a full system scan using one of the many AV programs capable of finding & removing it.

Aside from that, stay vigilant & always double-check the URL before clicking 'Download'.

[via Zscaler]
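
The "double-check the URL" step can be made mechanical: compare the download host against the site you meant to visit, and treat a host that merely contains or resembles the trusted name as a lookalike. This Python is an added example, not code from Zscaler or the original post; the `classify_download` helper, the typo threshold, and every URL except the lookalike domain and file name quoted above are constructed assumptions.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_download(url, trusted="sourceforge.net", max_typos=2):
    """Classify a download URL as 'trusted', 'lookalike', 'unrelated' or 'invalid'.

    Assumption: the trusted site is a two-label domain, so the label before
    the last dot is treated as the name the site registered.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # The real site or one of its subdomains.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    labels = host.split(".")
    # Brand name embedded anywhere in a foreign host, e.g. as a prefix of the
    # registered name or as a subdomain of someone else's domain.
    if any(brand in label for label in labels):
        return "lookalike"
    # Near-miss spellings of the brand in the registered name.
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if edit_distance(name, brand) <= max_typos:
        return "lookalike"
    return "unrelated"


# Constructed sample URLs; only the second host and its file name come from the post.
SAMPLES = [
    "https://downloads.sourceforge.net/project/demo/setup.exe",
    "http://sourceforgetchile.net/minecraft_1.3.2.exe",
    "https://sourcef0rge.net/files/setup.exe",
    "https://sourceforge.net.example.com/files/setup.exe",
    "https://example.org/files/setup.exe",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_download(url):10} {url}")
```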

Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.


Friday, April 12, 2013

American Airlines Spam Spreads Backdoor Trojan

Webroot is cautioning users not to fall for spam emails posing as a notification from American Airlines stating that their ticket is all set and ready for download.

This spam campaign isn’t exactly new, although previous versions may have had malicious files attached directly to the email itself.

Here’s what the current variant looks like:




American Airlines

Customer Notification

Your bought ticket is attached to the letter as a scan document.

To use your ticket you should Download It.

The embedded link will prompt users to download an executable, “Electronic Ticket.exe”, that only 10/46 antivirus products will identify as malware.

Dr. Web antivirus detects the threat as BackDoor.Kuluoz.4. Once it has infected your system, BackDoor.Kuluoz.4 will modify system files, inject itself into system processes and connect to a list of command & control servers.

Did You Get this Spam Email?


If you received a copy of this spam email, it is advised that you:

  • Do not click on any links within the email.

  • Do not download any files that may be attached or linked from this email.

  • Forward a copy of the email, including the header to webmaster@aa.com.

  • Delete the email immediately.


If You Downloaded Any Files...


If you made the mistake of clicking the link or opening any files attached to spam emails resembling the one above, you are advised to perform a full system scan using an antivirus solution offered by one of the following vendors:

Their products are capable of detecting and removing the threat associated with this attack. Be sure to be more careful in the future!


Thursday, April 4, 2013

Watch Out for Fake HP Printer Scan Emails

Keep an eye out for fraudulent emails claiming that a document was scanned and sent to you from your office Hewlett-Packard ScanJet printer.

Sophos warns that spammers are once again sending out bogus scan-to-email notices in an attempt to dupe users into clicking malicious links that lead to websites serving malware.

Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet #1788378

A document was scanned and sent to you using a Hewlett-Packard HP9289197

Sent to you by: PEARLIE
Pages: 3
Filetype(s): Images (.jpeg) View

This isn’t the first time that spammers mimicked document-to-file scan notifications, but previous attempts involved malicious file attachments vs. links in the email itself.

The malware served in the attack was not disclosed; however, the websites associated with this attack are rigged with the BlackHole exploit kit, which typically leverages PDF, Flash & Java vulnerabilities in order to plant malware on the visiting machine.

So, keep your computer safe by:

  • Not following links embedded in unsolicited emails – at least not without investigating them first.

  • Running antivirus software that offers real-time scanning & keeping the virus definitions current. (Btw, Sophos blocks the page as Mal/ExpJS-N.)

  • Keeping your operating system and third-party software fully patched & up-to-date.


If you’ve already clicked the link, run a full system scan to detect & remove any potential malware that may have been installed on your computer.


Wednesday, April 3, 2013

Spyware Uses Fake Facebook Page to Steal Credit Card Data

It’s time to scan your computer for malware if you try to visit Facebook.com and land on a "security check" page requesting that you enter your credit card information to “verify your account.”

Spyware that TrendMicro researchers identify as TSPY_MINOCDO.A tricks unsuspecting users into disclosing their financial information by redirecting them to a spoofed Facebook security check page every time they attempt to visit the social networking site.

The redirect is done through the infected machine’s HOSTS file, and prevents the user from accessing any legitimate Facebook pages until the malware is removed.

Facebook Phishing Page



Please complete a security check

Security checks help keep Facebook trustworthy and free of spam.

Use a credit card to verify your account

To keep Facebook a safe environment and to make sure that you are using your real name, we require you to confirm your identity by submitting your credit card information.

- This information will only be used to verify your identity.
- Your credit card will not be charged in any way.
- We do not store any credit card information on our servers.
- Please enter the following information to be able to continue using your Facebook account.

Information submitted through the false Facebook page is sent back to the cybercriminals to use as they please.

Aside from stealing payment information, researchers say that TSPY_MINOCDO.A modifies the system registry to ensure it starts every time Windows does, performs DNS queries to multiple domains to ensure that it can report back to its command server, and monitors all browsing activity.

TSPY_MINOCDO.A is distributed via drive-by-download attacks and other malware, so users can protect their computers by:

  • Keeping their operating system and installed software fully patched and up-to-date.

  • Always running antivirus software and keeping the virus definitions current.

  • Exercising caution when following hyperlinks (do a little research first!).

  • Disabling Java in their browser if it is not needed (the Java browser plugin is often targeted in cyberattacks).


Above all else, trust your instincts and don’t hand out your credit card information to “verify” your account on a FREE social networking website.


Friday, March 29, 2013

Trojan Poses as Flash Player 11 Update, Changes Browser Home Page

Be sure to refer to Adobe’s official website if you’re looking to update Flash Player to the latest version.

There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.

Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:

 Fake Flash Player 11 installer


While it's not entirely clear why two languages are used (Turkish/English), the agreement being displayed sans scrollbar makes sense since there's a disclaimer at the bottom stating that your browser homepage will be changed to one of the following upon installation:

  • www.anasayfada.net

  • www.heydex.com


“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing,” Jonathan San Jose revealed on Microsoft’s TechNet Blog.

Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.

Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.

  • Only download Flash Updates from adobe.com, and not some random website.

  • Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).


Is Your Computer Infected?


To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:

  • Microsoft 

  • McAfee

  • AVG

  • Ikarus


Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.


Thursday, March 21, 2013

Yontoo Trojan Installs Adware Browser Plugins to Inject Ads in Webpages

Russian antivirus vendor Dr. Web is warning OS X users about a new Trojan, detected as Trojan.Yontoo.1 (“Yontoo”), that installs adware browser plugins on whatever computer it manages to infect.

Users are often duped into downloading Yontoo after landing on a movie trailer page that prompts them to download & install a [missing] browser plugin, media player, video quality enhancement program or download accelerator.

When launched, Yontoo will display a dialog window to the victim asking them to install a program called “Free Twit Tube”:

Yontoo Prompts User to Install Free Twit Tube


 

However, Yontoo proceeds to download and install adware plugins for Safari, Chrome and Firefox instead.  As users surf the web, the plugins relay browsing data to a remote server, which then returns a file that enables the Trojan to inject ads (via third-party code) into webpages loaded in the affected browser.

So, for example, when a user visits apple.com on an infected machine, they may see something like this:

Yontoo Trojan Injects Ads into Websites, like Apple.com


 

While Dr. Web’s write-up focuses on the attack targeting OS X users, it is important to note that Windows users are also subject to Yontoo infections, although Symantec classifies Yontoo as a “potentially unwanted app” vs. Trojan (an app that claims to be one thing when it’s another).

Either way, the ol’ “missing plugin” bit is rather old, so don’t fall for it. Be careful what you install on your computer, and always read the installation dialogs.

Removing Yontoo from Your PC


If you’ve already been tagged by the Yontoo Trojan, you can perform a full system scan using one of the following antivirus programs to remove the infection:


Thursday, March 14, 2013

Spam: Surprise! That 40% Apple Discount Coupon is Actually ZeuS Banking Malware

If you get an email offering a coupon to get 40% off Apple products – don’t open the file attached!

Spammers have been sending out emails with bogus coupons that can allegedly be used to shave 40% off the cost of a shiny new iMac, Macbook, or whatever other Apple product the recipient chooses to use it on.

Unfortunately, the only thing enclosed in the file attached to the email, “Apple coupon.zip”, is a copy of the ZeuS Trojan, which will cost the victim money - not help save it - since it steals banking information.

Here's the email to watch out for:

Apple Discount Coupon Spam



From: Apple Inc.
Subject: You are the one!

One out of thousand!

Only 1000 people have been chosenas winners and you turned out to be one of them!

We’d like to offer you a 40% discount coupon for any Apple production (it’s attached to this email). You can buy a MacBook, iPod, iPhone or anything else Apple products you want! All you need to do is print it out and present at the checkout.
So, next time you go to BestBuy, Circuit City or Apple Store you are able to save up to 40% of any purchase of Apple production.

The discount coupon is accepted in Circuit City, Apple Store ot BestBuy

All the rules and detailed information about the lottery are also can be found in the attachments to this email.

Congratulations!

Did You Get This Email?


If you get an email like the one above, it is recommended that you:

  • Do not download or open any files attached to it.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Barracuda]


BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are exploiting the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:

Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 
Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users that make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!


Given that this threat requires user-interaction, avoiding it should be relatively simple.

  • Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.

  • Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).

  • Always keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.


Too Late?


Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]


Friday, March 8, 2013

"CIA 'Deleted' Hugo Chavez" Spam Leads to Malware Attacks

Do not let curiosity get the best of you (and your PC) if an email drops in your inbox suggesting that the CIA and FBI played a role in the death of Venezuelan President, Hugo Chavez.

Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.

Below is an example email that Kaspersky researchers warn users not to fall for:

Subject: CIA “DELETED” Venezuela’s Hugo Chavez?

Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.

Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.

Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez

To no surprise, the exploit code on the malicious sites attempts to leverage a [patched] vulnerability within the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar to you, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)

The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.

Tips to Stay Safe


Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:

  • Always keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.

  • Do not click hyperlinks embedded in unsolicited emails.

  • Do not download or open files attached to unsolicited emails.

  • Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.

  • Remain vigilant when surfing the web – dangers lurk everywhere!

