
Friday, March 21, 2014

Email Spam was at its highest in the month of February!

Email spam traffic averaged 69.9% of all mail in February, up 4.2 percentage points. Valentine’s Day advertising dominated the spam mail.

Consumers were caught off guard while scrambling to find their Valentine the perfect gift.

Spammers sent out Valentine’s Day offers in February, while ‘Nigerian’ scammers took advantage of the political situation in Ukraine, using the tragic events in the country as a pretext to trick people out of their money.





Stories about tourists who have been robbed are a universal approach to scamming people out of their money.

A lot of holiday-themed spam appeared in February, directing users to sites selling fake designer goods, flowers, and gourmet sweets.

The fraudulent emails offered a chance to earn a large sum of money once the holiday gift was purchased. It was a ploy; no money was ever going to be paid out.






March is expected to bring more holiday-themed spam, this time for St. Patrick’s Day. Online buyers often purchase holiday and party supplies from unknown sources and small businesses.

 

Vision Correction

Vision correction spam also redirects users to fraudulent sites. The messages mimic promotional flyers and are designed to steal your information when you fill out the form requesting more details about the fake offer.




 

Office Supply Stores

Spam offers for printer and copier cartridges at steep discounts have also increased. Many businesses now print their own materials in-house, which gives fraudulent advertisers an opening to target them.

We usually expect spam to arrive in our inbox as a poorly written plea for help. Now we are seeing well-designed advertisements luring victims into their offers.






Mass spam emails in English, Swedish and other languages offer the same kinds of advertisements for printers, cartridges, and other major office equipment. Not every discount coupon or short-term promotion is going to save you money.

 

Spam Source

The report also lists the sources distributing spam worldwide as of February.





The report also ranks the top 10 malicious programs spread via email in February.





These programs were distributed in emails posing as notifications from major commercial banks, e-stores, and software developers.

It’s crucial for consumers to research the company they intend to purchase from. Emails with malicious attachments included fake notifications from popular social media sites as well as ‘online dating’ emails, whose number increased in the run-up to Valentine’s Day.

If these campaigns succeed, the scammers come out a few hundred dollars richer and you are left with nothing but the bill.

Have you run across this type of spam on the Internet?  Please let us know in the comments below!

Don’t miss out on the latest tech news and computer security alerts!  Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
Spam report: February 2014 – Secure List
http://www.securelist.com/en/analysis/204792328/Spam_report_February_2014

Wednesday, November 13, 2013

’Tis the season for holiday scams!

Holiday shoppers, beware of banking malware this season. According to security experts, an increase of over 200,000 infections is expected to hit the online marketplace as Christmas approaches.

Online shopping and online banking bring the scammers out as consumers flood the internet with their holiday spending.

Europe and America are being hit with malware less than countries like India, Australia, France, Germany, Vietnam, Taiwan and Mexico. This is likely due to a lack of cyber-security software and identity theft protection in those countries; outdated software and vulnerable computers also play a part in the attacks.

The USA, Brazil and Japan, however, are targeted most by online banking threats.

A Trojan horse named “Zeus” steals banking information by logging keystrokes in the browser. Zeus spreads mainly through drive-by downloads and phishing schemes: the Trojan attacks site visitors and installs itself if the computer has an unpatched software vulnerability. It then captures banking credentials and sends the details to a remote server.

Phishing emails, fake apps, and spoofed bank sites are all hitting smartphones and tablets.

[Image: cyber threat. Photo Credit: ZDNet]


The rate at which mobile phishing websites are created has risen by 53%, and 42% of spoofed websites are designed to imitate banks and financial institutions. Once malware is installed on a mobile device, an array of problems follows.


[Image: mobile device malware. Photo Credit: ZDNet]

JD Sherry, vice president of technology and solutions at Trend Micro said:
“As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness. In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardized as phishing scams that target the platform continue to gain momentum.
This evidence suggests a potential perfect storm looming in the holiday season as busy commercial and consumer users leverage mobile platforms.”

References:
Online banking, mobile malware on the rise in the holiday season – ZDNet
http://www.zdnet.com/online-banking-mobile-malware-on-the-rise-in-the-holiday-season-7000023084/
November 12, 2013
Banking malware infections rise to highest level since 2002 – PCWorld
http://www.pcworld.com/article/2062600/banking-malware-infections-rise-to-highest-level-since-2002.html

Friday, July 5, 2013

Phishing Scams: Think Before You Click

Cyber-criminals install malicious software on your computer and take everything they can with a click of the mouse. Phishing emails, scam websites, and suspicious phone calls are all designed to make them money at your expense. Using social engineering, they convince people to install malicious software or hand over personal information without realizing it. So beware when spam starts bombarding your accounts or unknown numbers keep popping up on your phone.

Recognizing Phishing


Online banking and e-commerce are pretty safe, but give out your personal or financial information with caution.

  1. Think before you click.

If something looks too good to be true, it most likely is. Pay attention to the websites you visit and the information they contain so you don't get caught up in the glitz and glam of a well-planned scam. If there are a lot of spelling errors or bad grammar, know that it might be a scam.



  2. Trust who you know, not their emails

Don't trust unsolicited files or embedded links, even if they come from a friend. Look at the subject line of the message, or at the link itself, and check whether it is garbled or looks foreign. If you have no idea what is on the page, don't click on it just to satisfy your curiosity. Be smarter than the malware.



  3. Don't be fooled

Cyber-criminals are smart; they know how to disguise a link so it looks safe. Malicious links in phishing emails are often dressed up with the names of well-known companies to make them look legitimate. Validate the page and hover your cursor over the link: if the destination that shows up differs from the link text, you know the link will redirect you to another site.



  4. Short URLs

Another technique for hiding malicious links is running them through a URL shortener, a service that Twitter uses to shorten long URLs. TinyURL, bit.ly, and t.co are all legitimate short URL services, but a shortened link gives no hint of where it actually leads.



  5. Don't be threatened

Be on top of your game. Cyber-criminals often use threats to put you into a panic and catch you off guard. If you receive mail saying that you are being sued or that an account is being closed, do some research before pulling out your pocketbook.



  6. Spoof websites

Scammers use graphics in emails that appear to belong to a legitimate site. Clicking them may take you to the real site while flooding your screen with pop-up windows. Be wary of careless clicking when surfing the net.
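As an added example (not from the original post or the sources it cites), here is a small Python checker that applies the link-hover and short-URL tips above to the links in an HTML email: visible text that names a different site than the real target, URL shorteners that hide the destination, look-alike domains built around a brand name, and raw IP addresses. The brand list, shortener list and sample email are constructed assumptions.

```python
"""Flag suspicious hyperlinks in an HTML email body.

Added example, not from the original post. It automates the checks the
post describes, as a mail filter or help-desk triage script would:
  1. link text that shows one URL while the href points elsewhere,
  2. URL shorteners (bit.ly, t.co, TinyURL) that hide the destination,
  3. look-alike domains built around a well-known brand name,
  4. hosts given as raw IP addresses.
The brand list, shortener list and sample email are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical watch-list of brands the filter protects (assumption).
KNOWN_BRANDS = ("sourceforge.net", "facebook.com", "experian.com")
# Shortener services named in the post.
SHORTENERS = ("bit.ly", "t.co", "tinyurl.com")


def registrable(host):
    """Crude eTLD+1: the last two labels. Good enough for .com/.net/.ly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # collapse whitespace so "\nhttp://x/" compares cleanly
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def analyze_link(href, text):
    """Return the list of reasons a link looks suspicious (empty = clean)."""
    reasons = []
    host = urlparse(href).hostname or ""
    target = registrable(host)

    # 1. The visible text looks like a URL but names a different site.
    if text.lower().startswith(("http://", "https://", "www.")):
        shown_url = text if "://" in text else "http://" + text
        shown = urlparse(shown_url).hostname or ""
        if registrable(shown) != target:
            reasons.append("display text %s != target %s" % (shown, host))

    # 2. A shortener hides where the click really goes.
    if target in SHORTENERS:
        reasons.append("shortened URL (%s)" % target)

    # 3. Look-alike: brand name embedded in, or a typo away from, the host.
    name = target.split(".")[0]
    for brand in KNOWN_BRANDS:
        brand_name = brand.split(".")[0]
        if target != brand and (brand_name in name or levenshtein(brand_name, name) <= 2):
            reasons.append("look-alike of %s" % brand)

    # 4. Legitimate mail rarely links to a bare IP address.
    if host and host.replace(".", "").isdigit():
        reasons.append("raw IP address")
    return reasons


def scan_email(html):
    """Return [(href, text, reasons)] for every link in an HTML email."""
    collector = AnchorCollector()
    collector.feed(html)
    return [(href, text, analyze_link(href, text)) for href, text in collector.links]


# Constructed sample modelled on the lures described in these posts.
SAMPLE_EMAIL = """<html><body>
<p>Your bought ticket is attached to the letter as a scan document.
To use your ticket you should <a href="http://bit.ly/e-ticket">Download It</a>.</p>
<p>Get Minecraft here: <a href="http://sourceforgetchile.net/minecraft_1.3.2.exe">
http://sourceforge.net/</a></p>
<p>Questions? <a href="https://www.facebook.com/help">Help Center</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print("%-55s %s" % (href, "; ".join(reasons) or "ok"))
```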




Fishy phone calls


Cyber-criminals might call you offering help with computer problems or trying to sell you some kind of software license. Do not engage with these unsolicited phone calls. You might be persuaded into giving out account or personal information that becomes the seed of identity fraud.


If you are a victim of, or suspect, any phishing activity, please report it to the Anti-Phishing Working Group at www.antiphishing.org.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

http://www.welivesecurity.com/2013/05/29/phishing-the-click-of-death/

http://www.antiphishing.org/

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Wednesday, April 24, 2013

Malware Distributed from Phony SourceForge Website

Make sure you double-check the URL in your browser’s address bar or download dialog before downloading files online.

Zscaler researchers discovered that cybercriminals were taking advantage of SourceForge[.net]’s trusted reputation by distributing malware through a similar-looking domain, sourceforgetchile.net.

The malicious file analyzed by Zscaler, minecraft_1.3.2.exe, was posing as a file associated with the popular game Minecraft, as the name suggests.

In reality, the executable was a piece of malware closely related to the ZeroAccess Trojan that, upon a successful infection, hides in the Recycle Bin, injects malicious code into running processes, recruits the computer into a botnet, and generates revenue for its operators by taking part in click fraud.

Thankfully this threat has a high detection rate (32/46), according to a VirusTotal report. So if you did download the Trojan, perform a full system scan using one of the many AV programs capable of finding and removing it.

Aside from that, stay vigilant & always double-check the URL before clicking 'Download'.

[via Zscaler]

Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails, or find yourself tempted to click a website link, related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver, have already intercepted emails from spammers hoping to dupe users into following malicious links by offering video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link to a website hosting legitimate videos of the attack. However, the same site is rigged with malicious code that attempts to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) modifies the system registry and connects to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.


Friday, April 12, 2013

American Airlines Spam Spreads Backdoor Trojan

Webroot is cautioning users not to fall for spam emails posing as a notification from American Airlines stating that their ticket is ready for download.

This spam campaign isn’t exactly new, although previous versions may have had malicious files attached directly to the email itself.

Here’s what the current variant looks like:




American Airlines

Customer Notification

Your bought ticket is attached to the letter as a scan document.

To use your ticket you should Download It.

The embedded link prompts users to download an executable, “Electronic Ticket.exe”, that only 10/46 antivirus engines identify as malware.

Dr. Web antivirus detects the threat as BackDoor.Kuluoz.4. Once it has infected your system, BackDoor.Kuluoz.4 will modify system files, inject itself into system processes and connect to a list of command & control servers.

Did You Get this Spam Email?


If you received a copy of this spam email, it is advised that you:

  • Do not click on any links within the email.

  • Do not download any files that may be attached or linked from this email.

  • Forward a copy of the email, including the header to webmaster@aa.com.

  • Delete the email immediately.


If You Downloaded Any Files...


If you made the mistake of clicking the link or opening any files attached to spam emails resembling the one above, you are advised to perform a full system scan using an antivirus solution offered by one of the following vendors:

Their products are capable of detecting and removing the threat associated with this attack. Be sure to be more careful in the future!


Thursday, April 4, 2013

Watch Out for Fake HP Printer Scan Emails

Keep an eye out for fraudulent emails claiming that a document was scanned and sent to you from your office Hewlett-Packard ScanJet printer.

Sophos warns that spammers are once again sending out bogus scan-to-email notices in an attempt to dupe users into clicking malicious links that lead to websites serving malware. Here is what the email looks like:

Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet #1788378

A document was scanned and sent to you using a Hewlett-Packard HP9289197

Sent to you by: PEARLIE
Pages: 3
Filetype(s): Images (.jpeg) View

This isn’t the first time spammers have mimicked scan-to-email notifications, but previous attempts used malicious file attachments rather than links in the email itself.

The malware served in the attack was not disclosed; however, the websites associated with this attack are rigged with the BlackHole exploit kit, which typically leverages PDF, Flash & Java vulnerabilities in order to plant malware on the visiting machine.

So, keep your computer safe by:

  • Not following links embedded in unsolicited emails – at least not without investigating them first.

  • Running antivirus software that offers real-time scanning and keeping the virus definitions current. (By the way, Sophos blocks the page as Mal/ExpJS-N.)

  • Keeping your operating system and third-party software fully patched & up-to-date.


If you’ve already clicked the link, run a full system scan to detect & remove any potential malware that may have been installed on your computer.


Wednesday, April 3, 2013

Spyware Uses Fake Facebook Page to Steal Credit Card Data

It’s time to scan your computer for malware if you try to visit Facebook.com and land on a "security check" page requesting that you enter your credit card information to “verify your account.”

Spyware that TrendMicro researchers identify as TSPY_MINOCDO.A tricks unsuspecting users into disclosing their financial information by redirecting them to a spoofed Facebook security check page every time they attempt to visit the social networking site.

The redirect is done through the infected machine’s HOSTS file, which maps Facebook’s domain names to the attackers’ server, and it prevents the user from accessing any legitimate Facebook pages until the malware is removed.
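As an added example (not TrendMicro’s or this post’s code), a small Python check that parses a hosts file and flags watched domains that have been pointed at an address other than loopback or 0.0.0.0, which is exactly the kind of entry this redirect relies on. The watch-list, file paths and sample hosts contents are assumptions.

```python
"""Detect a hosts-file hijack of the kind TSPY_MINOCDO.A performs.

Added example, not TrendMicro's or the original post's code. Parses the
text of a hosts file and reports any watched domain that resolves to an
address other than loopback or 0.0.0.0, i.e. a redirect to a phishing
server. The watch-list and the sample file contents are constructed.
"""
import ipaddress

# Hypothetical watch-list; subdomains (www., m.) are matched as well.
WATCHED_DOMAINS = ("facebook.com",)
# Default hosts-file locations, for a live check (assumed typical paths).
HOSTS_PATHS = {
    "windows": r"C:\Windows\System32\drivers\etc\hosts",
    "unix": "/etc/hosts",
}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, ignore
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain or any subdomain of it."""
    return any(name == w or name.endswith("." + w) for w in watched)


def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip)] for watched names pointed somewhere real.

    Loopback (127.x / ::1) and unspecified (0.0.0.0) entries are the normal
    way to *block* a site, so only other addresses count as a hijack.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if is_watched(name, watched) and not (ip.is_loopback or ip.is_unspecified):
            hits.append((name, str(ip)))
    return hits


def check_live_hosts(path):
    """Run the check against a real hosts file; returns the hit list."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample: the last three lines mimic a hijacked Windows hosts file.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid        # an ad-blocking entry, harmless
198.51.100.23   facebook.com               # TEST-NET-2 address standing in
198.51.100.23   www.facebook.com           # for the phishing server
198.51.100.23   m.facebook.com
"""

if __name__ == "__main__":
    for name, ip in find_hijacks(SAMPLE_HOSTS):
        print("HIJACK: %s -> %s" % (name, ip))
```

On a live machine, call check_live_hosts(HOSTS_PATHS["windows"]) (or the unix path) to run the same check against the real file.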




Please complete a security check

Security checks help keep Facebook trustworthy and free of spam.

Use a credit card to verify your account

To keep Facebook a safe environment and to make sure that you are using your real name, we require you to confirm your identity by submitting your credit card information.

- This information will only be used to verify your identity.
- Your credit card will not be charged in any way.
- We do not store any credit card information on our servers.
- Please enter the following information to be able to continue using your Facebook account.

Information submitted through the false Facebook page is sent back to the cybercriminals to use as they please.

Aside from stealing payment information, researchers say that TSPY_MINOCDO.A modifies the system registry to ensure it starts every time Windows does, performs DNS queries to multiple domains to ensure that it can report back to its command server, and monitors all browsing activity.

TSPY_MINOCDO.A is distributed via drive-by-download attacks and other malware, so users can protect their computers by:

  • Keeping their operating system and installed software fully patched and up-to-date.

  • Always running antivirus software and keeping the virus definitions current.

  • Exercising caution when following hyperlinks (do a little research first!).

  • Disabling Java in their browser if it is not needed (the Java browser plugin is often targeted in cyberattacks).


Above all else, trust your instincts and don’t hand out your credit card information to “verify” your account on a FREE social networking website.


Tuesday, March 19, 2013

Watch Out for Mobile Adware Posing as Candy Crush Saga Apps

Think twice before you download apps that claim to offer cheats or guidance for the popular matching game, Candy Crush Saga.

TrendMicro warns that ill-willed developers have started cashing in on the game's popularity by creating fake Candy Crush apps containing the code for the Leadbolt & AirPush ad networks.

AirPush and Leadbolt have gained quite a poor reputation for their “aggressive marketing practices,” which include placing ads in the notification/status bar, placing ad-enabled search icons on the device’s home screen, and collecting user information.

In fact, these ad networks (and a few others) have become such a nuisance that developers and mobile security vendors have released apps capable of detecting their presence, so users can determine which apps are displaying ads on their device (and need to be removed).

TrendMicro’s mobile security app detects the AirPush & Leadbolt ad networks as ANDROIDOS_AIRPUSH.HRXV and ANDROIDOS_LEADBLT.HRY, respectively.

How to Avoid Candy Crush Saga-Themed Adware


As a fan of Candy Crush Saga, I can tell you that a large part of the game relies on luck, so those “cheats” and guides won’t be of much use since the candies aren’t laid out in a specific pattern.  You’ll have to figure it out on your own.

Aside from that, you can gauge the safety of an app by:

  • Checking the number of downloads and the app’s rating.

  • Reading user reviews – usually users will spill the beans on what’s really going on with an app.

  • Doing a little homework on the developer – i.e. Google their name and make sure there aren’t any red flags in the results.

  • Reviewing the app permissions – sometimes the permissions are hard to judge (some legitimate apps require odd permissions), but other times they throw up a big red flag. Either way, look them over and listen to your gut if something seems off.



Monday, March 18, 2013

Experian Spam Used to Spread Data-Stealing Trojan

Don’t open any files attached to emails purporting to be from Experian, claiming that a “key change” has been posted to “one of your three national credit reports.”

Spammers are pumping out Experian phishing emails in an attempt to infect as many computers as possible with malware.

Below is a copy of the email to watch out for:

From: Experian
Subject: IMPORTANT – A Key Change Has Been Posted

Experian

Membership ID #932823422

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian, Equifax, and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:

  • View detailed report by opening the attachment.

  • You will be prompted to open (view) the file or save (download) it to your computer.

  • For best results, save the file first, then open it in a Web browser.

  • Contact our Customer Care Center with any additional questions.


Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

© 2013 Consumerinfo.com, Inc.

The danger of this email lies in the attached file, Credit_Report_XXXXXXXXX.zip, which contains an .exe file with the same name and a misleading PDF icon. A VirusTotal scan of the exe reveals that it is actually PWS:Win32/Fareit, and not a credit report as the email suggests (big surprise there).

Did You Receive This Email?


If this email lands in your inbox, be sure that you:

  • Do not download or open any attached files.

  • Report the email to SpamCop.

  • Delete the email immediately.


Did You Already Open the Attached File?


According to VirusTotal, 29/46 antivirus programs are capable of detecting the threat associated with this spam campaign, so double-check the VT results and make sure your antivirus can catch it. Then do a full system scan and remove any detected threats.

[via DataProtectionCenter.com]


Thursday, March 14, 2013

BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are abusing the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:

Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 
Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users who make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which attempts to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!


Given that this threat requires user-interaction, avoiding it should be relatively simple.

  • Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.

  • Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).

  • Always keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.


Too Late?


Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]


Friday, March 8, 2013

"CIA 'Deleted' Hugo Chavez" Spam Leads to Malware Attacks

Do not let curiosity get the best of you (and your PC) if an email drops into your inbox suggesting that the CIA and FBI played a role in the death of Venezuelan President Hugo Chavez.

Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.

Below is an example email that Kaspersky researchers warn users not to fall for:

Subject: CIA “DELETED” Venezuela’s Hugo Chavez?

Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.

Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.

Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez

To no surprise, the exploit code on the malicious sites attempts to leverage a [patched] vulnerability in the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)

The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.

Tips to Stay Safe


Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:

  • Always keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.

  • Do not click hyperlinks embedded in unsolicited emails.

  • Do not download or open files attached to unsolicited emails.

  • Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.

  • Remain vigilant when surfing the web – dangers lurk everywhere!



Tuesday, March 5, 2013

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:

Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service. Your account might be permanently suspended.

If you think this is a mistake, please verify your account on the link below. This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity, and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account


Users can minimize their chances of falling for this Facebook phishing scam (or any other) by following these few bits of advice:

  • Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.

  • Always double-check the URL in your address bar before entering any confidential information, including login credentials.

  • Beef up your Facebook account security by enabling login notifications and login approvals.


Did You Fall for This Scam?


If you have already fallen for this scam:

[via Hoax-Slayer]

Monday, February 25, 2013

Researchers Find 0-Day Vulnerabilities in Java 7 Update 15

Security Explorations researchers have discovered a new set of 0-day vulnerabilities affecting Java 7 Update 15 and earlier.

An update posted on the Security Explorations website states that the company has notified Oracle of the vulnerabilities (referred to as issues 54 and 55), including proof-of-concept code for the company to review. Oracle confirmed successfully receiving the report and is now investigating the matter.

Hopefully Oracle will move to patch the bugs quickly since they can be used to completely bypass the Java security sandbox.

Adam Gowdiak, CEO of Security Explorations, told Softpedia, “Both new issues are specific to Java SE 7 only. They allow abuse [of] the Reflection API in a particularly interesting way. Without going into further details, everything indicates that the ball is in Oracle's court. Again.”

Considering that cybercriminals recently used Java vulnerabilities in the watering hole attack that resulted in malware being installed on computers belonging to Facebook, Apple, Microsoft, and other companies, it may be wise for users to consider:

It's better to be safe than sorry.

Do you still have Java installed on your system?

Tuesday, February 5, 2013

Tax Spam Aims to Trick Users Into Downloading Backdoor Trojan

It’s tax season again, and that means spammers will be pumping out malicious phishing emails in hopes of catching recipients off guard.

Sophos has already intercepted one of the tax-related spam emails going around, and is warning users not to open the files attached to it:
Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

The name of the zip archive attached to the email varies from email to email, as it is named after the recipient (e.g. the file will be named “sally.zip” if your email address is sally@email.com). However, each archive contains a dangerous executable, “Individual Income Tax Returns.exe”, that Sophos identifies as Troj/Agent-ZWM, a backdoor Trojan that grants an attacker remote control of your system.

What to Do If You Receive This Spam Email


If this email happens to drop in your inbox, it is recommended that you:

  • Avoid downloading or opening the attached file.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Sophos]

Friday, February 1, 2013

(Updated) Hackers Still Scanning for Vulnerable TimThumb Scripts

If you have a website running on WordPress, check your themes and plugins for the TimThumb script, and if you find it, make sure you’re running the latest version (2.8.11 at the time of this writing).

For the uninitiated, TimThumb is a PHP script used to resize images, and is integrated into hundreds of WordPress themes.

Unfortunately, a security flaw was discovered within TimThumb in 2011, leaving millions of WordPress-powered websites vulnerable to attack. The vulnerability was fixed (in version 1.33, I believe); however, some websites may still be at risk if they were never updated.

Judging by scans we’ve seen on our own blog, it would appear that cybercriminals are still hunting for websites with plugins or themes using outdated versions of TimThumb:

Plugins


/wp-content/plugins/cac-featured-content/timthumb.php
/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php
/wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php
/wp-content/plugins/cms-pack/timthumb.php
/wp-content/plugins/dp-thumbnail/timthumb/timthumb.php
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php
/wp-content/plugins/islidex/js/timthumb.php
/wp-content/plugins/kino-gallery/timthumb.php
/wp-content/plugins/lisl-last-image-slider/timthumb.php
/wp-content/plugins/really-easy-slider/inc/thumb.php
/wp-content/plugins/rent-a-car/libs/timthumb.php
/wp-content/plugins/verve-meta-boxes/tools/timthumb.php
/wp-content/plugins/vk-gallery/lib/timthumb.php
/wp-content/plugins/wp-marketplace/libs/timthumb.php

Themes


/wp-content/themes/13Floor/timthumb.php
/wp-content/themes/advanced-newspaper/timthumb.php
/wp-content/themes/Aggregate/thumb.php
/wp-content/themes/Aggregate/timthumb.php
/wp-content/themes/AmphionPro/script/timthumb.php
/wp-content/themes/aperture/thumb.php
/wp-content/themes/aperture/timthumb.php
/wp-content/themes/arras/library/timthumb.php
/wp-content/themes/arras-theme/library/timthumb.php
/wp-content/themes/Avenue/timthumb.php
/wp-content/themes/backstage/thumb.php
/wp-content/themes/backstage/timthumb.php
/wp-content/themes/Basic/timthumb.php
/wp-content/themes/biznizz/thumb.php
/wp-content/themes/biznizz/timthumb.php
/wp-content/themes/Bold/timthumb.php
/wp-content/themes/boldnews/thumb.php
/wp-content/themes/boldnews/timthumb.php
/wp-content/themes/broadcast/thumb.php
/wp-content/themes/bt/includes/timthumb.php
/wp-content/themes/bueno/thumb.php
/wp-content/themes/bueno/timthumb.php
/wp-content/themes/busybee/thumb.php
/wp-content/themes/busybee/timthumb.php
/wp-content/themes/c3/thumb.php
/wp-content/themes/cadabrapress/scripts/timthumb.php
/wp-content/themes/canvas/thumb.php
/wp-content/themes/canvas/timthumb.php
/wp-content/themes/CFWProfessional/timthumb.php
/wp-content/themes/Chameleon/timthumb.php
/wp-content/themes/city/scripts/timthumb.php
/wp-content/themes/cityguide/timthumb.php
/wp-content/themes/coda/thumb.php
/wp-content/themes/coffeebreak/thumb.php
/wp-content/themes/coffeebreak/timthumb.php
/wp-content/themes/coffeedesk/includes/timthumb.php
/wp-content/themes/comfy%20pro/thumb.php
/wp-content/themes/continuum/thumb.php
/wp-content/themes/continuum/timthumb.php
/wp-content/themes/crisp/thumb.php
/wp-content/themes/crisp/timthumb.php
/wp-content/themes/cruz/scripts/timthumb.php
/wp-content/themes/dailyedition/thumb.php
/wp-content/themes/dandelion_v2.6.1/functions/timthumb.php
/wp-content/themes/dandelion_v2.6.3/functions/timthumb.php
/wp-content/themes/dandelion_v2.6.4/functions/timthumb.php
/wp-content/themes/dcric/scripts/timthumb.php
/wp-content/themes/DeepBlue/timthumb.php
/wp-content/themes/deep-blue/timthumb.php
/wp-content/themes/DeepFocus/thumb.php
/wp-content/themes/DeepFocus/timthumb.php
/wp-content/themes/delegate/thumb.php
/wp-content/themes/delegate/timthumb.php
/wp-content/themes/delicate/thumb.php
/wp-content/themes/delicate/timthumb.php
/wp-content/themes/DelicateNews/timthumb.php
/wp-content/themes/deliciousmagazine/thumb.php
/wp-content/themes/deliciousmagazine/timthumb.php
/wp-content/themes/delight/scripts/timthumb.php
/wp-content/themes/develop/thumb.php
/wp-content/themes/diarise/thumb.php
/wp-content/themes/digitalfarm/thumb.php
/wp-content/themes/directory/timthumb.php
/wp-content/themes/dualshockers2/thumb.php
/wp-content/themes/duotive-three/includes/timthumb.php
/wp-content/themes/EarthlyTouch/timthumb.php
/wp-content/themes/eBusiness/timthumb.php
/wp-content/themes/ecobiz/timthumb.php
/wp-content/themes/editorial/thumb.php
/wp-content/themes/ElegantEstate/thumb.php
/wp-content/themes/ElegantEstate/timthumb.php
/wp-content/themes/eNews/thumb.php
/wp-content/themes/eNews/timthumb.php
/wp-content/themes/envision/thumb.php
/wp-content/themes/ephoto/thumb.php
/wp-content/themes/ePhoto/timthumb.php
/wp-content/themes/equator/timthumb.php
/wp-content/themes/eStore/timthumb.php
/wp-content/themes/Event/timthumb.php
/wp-content/themes/Feather/timthumb.php
/wp-content/themes/flashnews/thumb.php
/wp-content/themes/freshnews/thumb.php
/wp-content/themes/G6Feature/includes/thumb.php
/wp-content/themes/gallant/thumb.php
/wp-content/themes/gazette/thumb.php
/wp-content/themes/gazette/timthumb.php
/wp-content/themes/Glow/timthumb.php
/wp-content/themes/GrungeMag/timthumb.php
/wp-content/themes/headlines/thumb.php
/wp-content/themes/headlines/timthumb.php
/wp-content/themes/headlines_enhanced_v2/thumb.php
/wp-content/themes/idris/images/timthumb.php
/wp-content/themes/impacto/thumb.php
/wp-content/themes/insignio/images/timthumb.php
/wp-content/themes/InterPhase/timthumb.php
/wp-content/themes/kingsize/timthumb.php
/wp-content/themes/lifestyle/thumb.php
/wp-content/themes/LightBright/timthumb.php
/wp-content/themes/Linepress/timthumb.php
/wp-content/themes/livewire/thumb.php
/wp-content/themes/mademan/scripts/timthumb.php
/wp-content/themes/Magnificent/thumb.php
/wp-content/themes/manifesto/scripts/timthumb.php
/wp-content/themes/Max/thumb.php
/wp-content/themes/Memoir/thumb.php
/wp-content/themes/mimbo/scripts/timthumb.php
/wp-content/themes/mimbopro/scripts/timthumb.php
/wp-content/themes/minecraftapps.com/scripts/timthumb.php
/wp-content/themes/mini-lab/functions/timthumb.php
/wp-content/themes/Modest/thumb.php
/wp-content/themes/Modest/timthumb.php
/wp-content/themes/modularity/includes/timthumb.php
/wp-content/themes/modularity2/includes/timthumb.php
/wp-content/themes/multidesign/scripts/timthumb.php
/wp-content/themes/muse/scripts/timthumb.php
/wp-content/themes/myjourney/thumb.php
/wp-content/themes/myjourney_3.1/thumb.php
/wp-content/themes/MyProduct/timthumb.php
/wp-content/themes/NewsPro/timthumb.php
/wp-content/themes/Nova/timthumb.php
/wp-content/themes/Nyke/timthumb.php
/wp-content/themes/ocram_2/thumb.php
/wp-content/themes/optimize/thumb.php
/wp-content/themes/optimize/timthumb.php
/wp-content/themes/OptimizePress/timthumb.php
/wp-content/themes/overeasy/timthumb.php
/wp-content/themes/pearlie_14%20dec/scripts/timthumb.php
/wp-content/themes/PersonalPress/timthumb.php
/wp-content/themes/photoria/scripts/timthumb.php
/wp-content/themes/photo-workshop/includes/timthumb.php
/wp-content/themes/Polished/timthumb.php
/wp-content/themes/postcard/thumb.php
/wp-content/themes/premiumnews/thumb.php
/wp-content/themes/premiumnews/timthumb.php
/wp-content/themes/productum/thumb.php
/wp-content/themes/profitstheme/thumb.php
/wp-content/themes/prosto/functions/thumb.php
/wp-content/themes/PureType/timthumb.php
/wp-content/themes/purevision/scripts/timthumb.php
/wp-content/themes/Quadro/timthumb.php
/wp-content/themes/redlight/includes/timthumb.php/coffeebreak/thumb.php
/wp-content/themes/Reporter/timthumb.php
/wp-content/themes/retreat/thumb.php
/wp-content/themes/rockstar/thumb.php
/wp-content/themes/rockwell_v1.5/scripts/timthumb.php
/wp-content/themes/rt_crystalline_wp/thumb.php
/wp-content/themes/rt_panacea_wp/thumb.php
/wp-content/themes/rt_syndicate_wp/thumb.php
/wp-content/themes/sealight/thumb.php
/wp-content/themes/SimplePress/timthumb.php
/wp-content/themes/simplicity/thumb.php
/wp-content/themes/simplicity/timthumb.php
/wp-content/themes/skeptical/thumb.php
/wp-content/themes/skeptical/timthumb.php
/wp-content/themes/snapshot/thumb.php
/wp-content/themes/snapshot/timthumb.php
/wp-content/themes/spectrum/thumb.php
/wp-content/themes/spectrum/timthumb.php
/wp-content/themes/telegraph/scripts/timthumb.php
/wp-content/themes/TheCorporation/timthumb.php
/wp-content/themes/themorningafter/thumb.php
/wp-content/themes/TheProfessional/timthumb.php
/wp-content/themes/therapy/thumb.php
/wp-content/themes/TheSource/timthumb.php
/wp-content/themes/thestation/thumb.php
/wp-content/themes/thestation/timthumb.php
/wp-content/themes/TheStyle/timthumb.php
/wp-content/themes/tma/thumb.php
/wp-content/themes/Transcript/thumb.php
/wp-content/themes/Transcript/timthumb.php
/wp-content/themes/tribune/scripts/timthumb.php
/wp-content/themes/typebased/thumb.php
/wp-content/themes/typebased/timthumb.php
/wp-content/themes/u-design/scripts/timthumb.php
/wp-content/themes/vibrantcms/thumb.php
/wp-content/themes/vulcan/timthumb.php
/wp-content/themes/watercolor/includes/timthumb.php
/wp-content/themes/waves/functions/timthumb.php
/wp-content/themes/welcome_inn/timthumb.php
/wp-content/themes/WhosWho/timthumb.php
/wp-content/themes/widescreen/includes/timthumb.php
/wp-content/themes/wootube/thumb.php
/wp-content/themes/wp-clear-prem/scripts/timthumb.php
/wp-content/themes/WPCMS2/scripts/timthumb.php
/wp-content/themes/zenko/scripts/timthumb.php
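
The probe list above is also what the attackers leave behind in the web server's access log, so it can be turned into a detection. The following is an added example, not code from the original post or from any TimThumb project: it parses access-log lines in the common "combined" format (an assumption about the server's log format) and flags any client that requests several distinct TimThumb-style paths. The log lines are constructed for the example; a single request to a theme's own timthumb.php from a normal visitor stays below the threshold.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log line. Assumption for this example: the blog's web
# server writes this common format. All sample lines below are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Every probed path above ends in timthumb.php or thumb.php, or sits under a
# "timthumb" directory (e.g. .../timthumb/image.php in the plugin list).
TIMTHUMB_RE = re.compile(r'timthumb|/thumb\.php$', re.IGNORECASE)

# Constructed sample: one scanner walking a path list, one ordinary visitor,
# and one line the parser must skip.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2013:10:00:01 -0800] "GET /wp-content/themes/canvas/thumb.php HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Feb/2013:10:00:01 -0800] "GET /wp-content/themes/canvas/timthumb.php HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Feb/2013:10:00:02 -0800] "GET /wp-content/plugins/cms-pack/timthumb.php HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Feb/2013:10:00:02 -0800] "GET /wp-content/themes/aperture/thumb.php?src=x HTTP/1.1" 404 221 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Feb/2013:10:05:00 -0800] "GET /2013/02/some-post/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Feb/2013:10:05:01 -0800] "GET /wp-content/themes/mytheme/timthumb.php?src=logo.png HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
this line is not in combined format
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_timthumb_probes(lines, threshold=3):
    """Map client IP -> sorted distinct TimThumb-style paths it requested,
    keeping only clients that hit at least `threshold` distinct paths."""
    probes = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string
        if TIMTHUMB_RE.search(path):
            probes[rec["ip"]].add(path)
    return {ip: sorted(paths) for ip, paths in probes.items() if len(paths) >= threshold}

def scan_sample():
    """Run the detection over the constructed log."""
    return find_timthumb_probes(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for ip, paths in scan_sample().items():
        print(f"{ip} probed {len(paths)} TimThumb paths:")
        for p in paths:
            print("   ", p)
```

The threshold is what separates a scanner from a legitimate theme loading its own thumbnails: a real visitor fetches one path that exists and returns 200, while a scanner walks dozens of paths that mostly return 404. Lower the threshold, or add a 404-only filter, to taste.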

Not Sure If Your Site is Vulnerable?


There are two methods you can use to check your site:

  • Use the TimThumb Vulnerability Scanner plugin to check if your site is running a vulnerable version of TimThumb. This plugin will scan your entire wp-content folder, including plugins, themes and uploads.

  • Manually scan your wp-content folder for any 'timthumb.php' or 'thumb.php' files.
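
As an added illustration of the manual scan in the second bullet (example code, not the plugin mentioned above and not TimThumb project code): walk a wp-content directory, find every timthumb.php or thumb.php, pull the version out of the define ('VERSION', '...') line the script carries near its top (an assumption about the file layout), and compare it with 2.8.11. demo() builds a small constructed tree in a temporary directory so the scan runs without a real WordPress install.

```python
import os
import re
import tempfile

LATEST_TIMTHUMB = "2.8.11"          # current version named in the post
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}

# TimThumb declares its version near the top of the file, e.g.
#   define ('VERSION', '2.8.11');
# Assumption: the define is present and formatted like this; files that lack
# it are reported as "unknown" rather than silently skipped.
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")

def version_tuple(v):
    return tuple(int(x) for x in v.split("."))

def extract_version(source):
    m = VERSION_RE.search(source)
    return m.group(1) if m else None

def classify(version, latest=LATEST_TIMTHUMB):
    if version is None:
        return "unknown"
    return "outdated" if version_tuple(version) < version_tuple(latest) else "current"

def scan_wp_content(root, latest=LATEST_TIMTHUMB):
    """Walk `root` (a wp-content directory) and report every TimThumb-like file
    as (relative path, version or None, status), sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATE_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                version = extract_version(fh.read(20000))   # the define sits near the top
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, version, classify(version, latest)))
    return sorted(findings)

def demo():
    """Build a constructed wp-content tree in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    samples = {
        "themes/oldtheme/timthumb.php": "<?php\ndefine ('VERSION', '1.33');\n// ...\n",
        "themes/newtheme/timthumb.php": "<?php\ndefine('VERSION', '2.8.11');\n",
        "plugins/slider/inc/thumb.php": "<?php\n// no version define at all\n",
        "themes/newtheme/functions.php": "<?php\n// unrelated file, must be ignored\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return scan_wp_content(root)

if __name__ == "__main__":
    for rel, version, status in demo():
        print(f"{status:9s} {version or '?':8s} {rel}")
```

Treat "unknown" as a finding too: a thumb.php with no version line is either a very old copy or something else entirely, and either way deserves a look.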


How to Update TimThumb


Should you happen to find a vulnerable version of TimThumb on your site, here are some easy-to-follow instructions that will guide you through the update process.

As a side note, I recommend doing a little research to beef up the security on any WordPress websites you may be running. Here’s a pretty good list of 25 Essential Security Plugins + Tips.

List last updated: 2/7/2013

"Did you see this pic of you?" Phishing Scam Stealing Twitter Logins

There’s a new phishing scam circulating on Twitter, and judging by the amount of phishy DMs we’re receiving, a lot of folks are falling for it.

Tsk, tsk, people. Have we not learned anything from past phishing attacks?

How the Scam Works


Similar to previous scams, it all starts with an intriguing direct message:
Did you see this pic of you? lol [SHORT LINK]

The embedded short link leads to a phishing page that would convince anyone it was a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:

Twitter Phishing Scam: Verify Your Password


Of course, any information entered into the above form is sent off to the scammer, and the victim is left wondering what just happened after being redirected to a (fake) 404 page:

Twitter Phishing Scam: Redirects to Fake 404 Page


After a few seconds, you’ll be redirected to the real Twitter website:

Twitter Phishing Scam: Redirects to Twitter


At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.

Don’t Fall for This Scam!


Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:

  • Do not follow short links without expanding them first. You can use a free service like longurl.org to check the true destination before following a link.

  • Be cautious of links that lead to a page asking you to log in. You were logged in just a second ago; why do you suddenly need to log in again?

  • Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.
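
Both this post and the Facebook one above come down to the same check: is the login page really on the site it claims to be? The following is an added example, not from the original posts, of what "check the URL" means in code: it accepts a page only when it is served over HTTPS by the expected host or one of its subdomains, and names the usual disguises (the brand as a prefix of some other domain, the brand before an @ sign, the brand in the path, a typo-squatted host). The sample URLs are constructed.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_host):
    """Decide whether `url` is an acceptable place to type the password for
    `expected_host`. Returns (ok, reasons); ok is True only when the page is
    served over HTTPS by expected_host itself or one of its subdomains."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_host.lower()
    reasons = []

    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'}, not https")

    # https://twitter.com@203.0.113.5/ : everything before '@' is a username;
    # the real host is whatever follows it.
    if parts.username is not None:
        reasons.append("there is a user@ before the host; the part before @ is not the site")

    on_expected_site = host == expected or host.endswith("." + expected)
    if not on_expected_site:
        reasons.append(f"host is {host or '(none)'}, not {expected}")
        # Brand name present somewhere else in the URL: the look-alike trick.
        if expected in host or expected in parts.path.lower():
            reasons.append(f"'{expected}' appears in the URL but not as the host")

    return (not reasons, reasons)

# Constructed URLs: two legitimate forms and the usual disguises.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://www.twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.account-check.example/login",
    "https://twitter.com@203.0.113.5/login",
    "https://example.net/twitter.com/login",
    "https://twittter.com/login",
]

def triage(urls, expected_host="twitter.com"):
    """Run the check over a list of URLs; returns {url: (ok, reasons)}."""
    return {u: check_login_url(u, expected_host) for u in urls}

if __name__ == "__main__":
    for u, (ok, why) in triage(SAMPLE_URLS).items():
        print("OK  " if ok else "BAD ", u)
        for r in why:
            print("      -", r)
```

The suffix test is deliberately strict: "twitter.com" must be the end of the host name, not merely somewhere inside it, which is exactly the distinction the look-alike domains rely on readers missing.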


What to Do with Twitter Phishing Scam DMs


If you happen to receive one of these phishing messages, it is recommended that you:

  • Avoid clicking on any embedded links.

  • Report the DM to Twitter.

  • Let the sender know that their account has been compromised and advise them to change their Twitter password.

  • Delete the DM immediately.

  • Warn your fellow Twitter users!


Have you seen this scam yet?

Friday, January 25, 2013

DocuSign Phishing Emails Loaded with Data Stealing Trojan

Professionals who use DocuSign should beware of an active phishing campaign looking to infect their computers with a data-stealing Trojan, warns antivirus firm Bitdefender.

The phishing email has been carefully crafted to appear as if it were a legitimate notice sent by DocuSign Electronic Signature Service on behalf of the administration department of the recipient’s company.

DocuSign Phishing Email
Screenshot Credit: Bitdefender



From: DocuSign Service (dse@docusign.net)
Subject: To all Employees – Confidential Message

DocuSign
Your document has been completed

Sent on behalf of administrator@bitdefender.com.

All parties have completed the envelope ‘Please DocuSign this document: To All Employees 2013.pdf’.

To view or print the document download the attachment .

(self-extracting archive, Adobe PDF)

This document contains information confidential and proprietary to bitdefender.com

LEARN MORE: New Features | Tips & Tricks | View Tutorials

DocuSign. The fastest way to get a signature.

If you have questions regarding this notification or any enclosed documents requiring your signature, please contact the sender directly. For technical assistance with the signing process, you can email support.

Attached to the email is a zip file named “To ALL Employees.zip,” and it shouldn't be a surprise to anyone that inside the archive is a payload identified as Trojan.Generic.KD.834485.

Once it has infected a machine, Trojan.Generic.KD.834485 gets to work stealing login credentials stored in email clients and web browsers, attempting to log into other machines on the network by guessing weak passwords over Remote Desktop Protocol (RDP), possibly downloading and installing additional malware (such as the infamous ZeuS/Zbot), and collecting account information related to server names, port numbers, login IDs, FTP clients, and cloud storage programs.

DocuSign is aware of this email threat and has posted a warning on its website advising users that legitimate emails do not contain zip or executable attachments, and to mouse over links to check for the docusign.com or docusign.net domains before following them.

Think You Received a DocuSign Phishing Email?



  • Do not download or open any attached files.

  • Hover your mouse over links to check for the legitimate docusign.com or docusign.net domains. (Note: This may not matter if a file is attached since real emails from DocuSign do not contain attachments.)

  • Report the email by forwarding it to spam@docusign.com.

  • Delete the email immediately.
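
DocuSign's own advice (legitimate mail carries no zip or executable attachments) and the tax-spam post above (a zip whose only content is an .exe) describe the same triage rule. As an added example, not code from the original posts or from DocuSign: parse a message, walk its attachments and flag executables, whether attached directly or hidden inside a zip. build_sample() constructs a message modelled on the tax spam so the check can run offline; the message and its archive are made up, and the "executable" is a few placeholder bytes.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Extensions that have no business arriving as a "document". The check is on the
# final extension, so the double-extension trick (Report.pdf.exe) is caught too.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}

def ext_of(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""

def triage_attachment(filename, payload):
    """Findings for one attachment: executables, and executables inside zips."""
    findings = []
    ext = ext_of(filename)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"{filename}: executable attachment")
    elif ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if ext_of(member) in EXECUTABLE_EXTS:
                        findings.append(f"{filename} contains executable {member!r}")
        except zipfile.BadZipFile:
            findings.append(f"{filename}: named .zip but is not a valid archive")
    return findings

def triage_message(raw_bytes):
    """Parse a raw RFC 5322 message and triage every attachment in it."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings.extend(triage_attachment(part.get_filename(), part.get_payload(decode=True)))
    return findings

def build_sample():
    """Constructed message modelled on the tax spam described above: a zip named
    after the recipient whose only member is an .exe with a document-like name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Individual Income Tax Returns.exe", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "accounting@example.net"
    msg["To"] = "sally@example.com"
    msg["Subject"] = "FW: 2010 and 2011 Tax Documents; Accountant's Letter"
    msg.set_content("I forward this file to you for review. Please open and view it.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sally.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage_message(build_sample()):
        print("FLAG:", finding)
```

A mail gateway applying this rule would have stopped both campaigns described on this page without knowing anything about the specific Trojans involved, which is the point of filtering on attachment type rather than on signatures.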


Thursday, January 24, 2013

Malware Abuses Skype Chat to Spread Once More

Skype users should exercise caution when clicking links shared via chat, as there has been an influx of malware using Skype to propagate.

Shylock Trojan


CSIS first warned of a new variant of the Shylock Trojan using Skype to spread thanks to its creators updating it with a plugin named “msg.gsm.”

Shylock typically spreads via drive-by downloads, phishing emails, and removable drives attached to infected systems, but the new addition provides another infection method: it gives the Trojan the ability to abuse Skype’s chat feature to send messages containing links to malicious websites serving the malware.

Other functionality granted by msg.gsm includes sending IMs and transferring files, clearing chat and file transfer history, bypassing Skype’s connection warning/restrictions, and sending requests to a remote server.

That’s only a fragment of what Shylock is capable of, though. Shylock allows an attacker to perform a number of actions on an infected system, such as injecting malicious code into web pages, stealing cookies, downloading and executing files, and more.

Thankfully, Microsoft has stated that it has managed to completely block Shylock (which Microsoft detects as Backdoor:Win32/Capchaw.N) on Skype, but the company still encourages users to avoid opening links from untrusted sources or visiting untrusted websites.

For those of you who may be concerned that you got hit with the threat prior to it being blocked, Microsoft suggests you watch out for the following symptoms:

  • The presence of messages or files in your Skype conversation history that you do not recall writing or transferring

  • Your Skype conversation history is empty

  • You do not receive alerts or warnings from Skype, where previously you did so


Shylock is known for its advanced detection evasion techniques, so do what you can to prevent an infection (tips below).

Phorpiex Worm


Even if you do manage to avoid Shylock, you still have to worry about WORM_PHORPIEX.JZ, which TrendMicro says is also abusing Skype chat to spread.

Upon infection, Phorpiex modifies the system registry so that it bypasses any firewalls and starts whenever Windows does, opens a backdoor by connecting to a specific IRC chat server and joining the channel #go, sends emails with malicious attachments containing a copy of itself, spreads to accessible removable drives, and downloads additional malware, including a plugin appropriately named WORM_PESKY.A (“Pesky”) that sends out Skype messages reading:
LOL http://www.[REMOVED]x.uk.com/images/php?id=IMG0540250.JPG

Those of you who have read our guide on how to spot a dangerous image link will be able to tell that this link is not what it seems.

Pesky doesn't do much else beyond spam people with malicious chat messages; Phorpiex is the main threat here.

Protecting Your PC


So, now that you know what you’re up against, what can you do to protect your computer?

  • Avoid clicking on suspicious links, regardless of where they come from. Both threats abuse Skype to send IMs, so the malicious link can come from one of your contacts if their machine has been infected.

  • Do not download or open files that come from unknown or untrusted sources.

  • Keep your operating system and installed third-party software fully patched and up-to-date to minimize the chances of a successful drive-by-download attack.

  • Always run antivirus software and keep the virus definitions current.

  • Use a Windows user account with limited privileges (i.e. no permission to install software).


What to Do if Your System is Infected


Already have the misfortune of encountering one of these threats?

For Shylock, Microsoft’s Threat Center states you can use Microsoft Security Essentials (or Windows Defender on Windows 8) to detect and remove it.

For Phorpiex, users can use antivirus solutions by TrendMicro, Microsoft, ESET or Ikarus to detect and remove it.

Friday, January 18, 2013

Nasty Trojan Posing as Bogus Java "Update 11" Patch

On the hunt for the latest Java update?

Make sure you download it from a reliable source, like java.com, and not some random third-party website.

TrendMicro found at least one website peddling malware disguised as a fake “Java Update 11”.

The threat in question is a nasty Trojan detected as JAVA_DLOADER.NTW that’s delivered as a file named javaupdate11.jar.

The bogus update file, Javaupdate11.jar, contains javaupdate11.class, which downloads and executes two malicious files:

Once executed, BKDR_ANDROM.NTW will open a backdoor on the infected system to grant remote access to an attacker.

Users are more likely to notice TSPY_KEYLOG.NTW, though, as it will download ransomware (TROJ_RANSOM.ACV) that will attempt to lock the affected machine and demand payment from the end-user to regain access.

Steer Clear of Fake Java Updates!


It’s important to note that this malware does not exploit any Java-related vulnerabilities: it requires user interaction to make its way onto a PC. So, you should be safe as long as you:

  • Download Java updates directly from Oracle on java.com, or simply use Java’s built-in update mechanism to download and install updates.

  • Do not download Java updates from random websites.
