Showing posts with label social engineering. Show all posts

Thursday, May 23, 2013

Microsoft Issues Worldwide Virus Alert

The talk and the footprint of computer viruses in the online world had reduced significantly in the last year. Hackers and online miscreants had moved on to other methods of attacking computers as viruses were considered to be too weak. But Microsoft recently announced that the trend is all set to change in the coming days. A security expert from the IT giant said that hackers were reverting back to the usage of viruses and coming up with innovative attack vectors. He said that this year, the world will witness a significant increase in the usage of viruses for attacking computers (both personal and corporate).

Low Broadband Penetration Rate



Tim Rains, the security expert who announced the news, said that Microsoft was monitoring the virus trends on the World Wide Web and noticed a spike in the volume of viruses for the first time. He said that low broadband penetration rate has increased the chances of a computer getting infected with any of the malicious software, including Trojans and worms. He said that this trend is being exploited by hackers and they are using viruses more actively to infect broadband connected computers (which is almost every internet enabled computer today). Microsoft also added that they had traced the infections to as far as Egypt, Pakistan, and Bangladesh.

Viruses Are Easy to Eliminate


Rains said that even today, viruses are very easy to remove because their signatures can be easily detected and tracked. He said that users are expected to keep their anti-virus systems updated, which will significantly reduce the chances of being attacked by a virus.

[via NBC News]

Thursday, April 18, 2013

Texas Plant Explosion Spam Leads to Malware Attack

Considering cybercriminals jumped on the opportunity to spread malware by sending spam related to Monday’s Boston marathon bombing, it’s not all that surprising that they’re now doing the same with yesterday’s fertilizer plant explosion in West, Texas.

Here are some of the subject lines to watch out for:

  • West TX Explosion

  • Waco Explosion HD

  • Texas Plant Explosion

  • Texas Explosion Injures Dozens

  • CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas

  • Raw: Texas Explosion Injures Dozens


Like the marathon-themed emails, the spam messages tied to the new fertilizer plant explosion trick users into following malicious links by promising video footage of the devastating event.

Texas Explosion Email



Image Credit: Sophos


While it’s true that the victim is presented with a series of embedded videos related to the incident, they are also being exposed to the misdeeds of the Redkit exploit kit, which will use Adobe PDF or Java vulnerabilities to silently install malware on the victim’s computer.

Avoiding these attacks should be relatively easy – don’t follow links in unsolicited emails. Aside from that, keeping your operating system (& installed software) up-to-date and running antivirus software should help your PC remain malware-free.

Have you received any suspicious emails related to the plant explosion or marathon bombing? Share your experiences below and get the word out to help protect others!

[via Sophos][via AppRiver]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.
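A mail-triage sketch for the subject lines listed above and in the Texas plant explosion post, added here as an example and not taken from Sophos, Avira or AppRiver. The sample messages and their hosts are constructed, and the rule "campaign subject plus at least one link means quarantine" is an assumption.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Subject lines quoted in the two posts ("Explosion[s]" expanded to both forms).
CAMPAIGN_SUBJECTS = [
    "West TX Explosion", "Waco Explosion HD", "Texas Plant Explosion",
    "Texas Explosion Injures Dozens",
    "CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas",
    "Raw: Texas Explosion Injures Dozens",
    "Explosion at Boston Marathon", "Explosions at Boston Marathon",
    "Boston Explosion Caught on Video",
    "Aftermath to explosion at Boston Marathon",
    "Video of Explosion at the Boston Marathon 2013",
    "Runner captures. Marathon Explosions",
    "2 Explosions at the Boston Marathon",
]

def normalise(subject):
    """Lower-case, drop Re:/Fwd: prefixes, reduce punctuation to single spaces."""
    s = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", subject.lower())
    return " ".join(re.findall(r"[a-z0-9]+", s))

KNOWN = [normalise(s) for s in CAMPAIGN_SUBJECTS]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(raw_message):
    """Return the matched campaign subject, linked hosts and a verdict."""
    # policy.default decodes RFC 2047 encoded-word subjects before matching.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["subject"] or "")
    padded = f" {normalise(subject)} "   # pad so only whole words match
    matched = next((k for k in KNOWN if f" {k} " in padded), None)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue                      # skip containers and attachments
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:            # malformed URL, nothing to report
                continue
            if host:
                hosts.add(host)
    return {"subject": subject, "matched": matched,
            "link_hosts": sorted(hosts),
            "quarantine": bool(matched and hosts)}

# Constructed sample messages (hosts are reserved example names).
SPAM = (
    "From: news@sender.example\n"
    "To: user@recipient.example\n"
    "Subject: Fwd: =?utf-8?q?Boston_Explosion_Caught_on_Video?=\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<a href="http://video.example.net/boston.html">'
    "http://video.example.net/boston.html</a>\n"
)
BENIGN = (
    "From: city@sender.example\n"
    "Subject: Boston Marathon road closures\n"
    "\n"
    "Details: https://www.example.org/closures\n"
)
NO_LINK = (
    "From: friend@sender.example\n"
    "Subject: Texas Plant Explosion\n"
    "\n"
    "Did you hear about this?\n"
)

if __name__ == "__main__":
    for sample in (SPAM, BENIGN, NO_LINK):
        print(triage(sample))
```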

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.


Wednesday, April 3, 2013

Spyware Uses Fake Facebook Page to Steal Credit Card Data

It’s time to scan your computer for malware if you try to visit Facebook.com and land on a “security check” page requesting that you enter your credit card information to “verify your account.”

Spyware that TrendMicro researchers identify as TSPY_MINOCDO.A tricks unsuspecting users into disclosing their financial information by redirecting them to a spoofed Facebook security check page every time they attempt to visit the social networking site.

The redirect is done through the infected machine’s HOSTS file, and prevents the user from accessing any legitimate Facebook pages until the malware is removed.
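One way to check a machine for this kind of redirect, as an added example that is not TrendMicro's tooling: audit the hosts file for watched names mapped to anything other than a loopback or unspecified address. The watch list, the sample file and its addresses are constructed; loopback entries are assumed to be deliberate blocks.

```python
import ipaddress

# Assumed watch list: names whose hosts-file overrides should be reviewed.
WATCHED_DOMAINS = ("facebook.com",)

# Constructed sample; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net       # deliberate block entry
203.0.113.10    facebook.com www.facebook.com
203.0.113.10    WWW.Facebook.COM.     # case and trailing dot must still match
203.0.113.10    notfacebook.com       # different name, not on the watch list
127.0.0.1       login.facebook.com    # sinkholed rather than redirected
not-an-ip       facebook.com          # malformed line, skipped
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    # Files saved by Windows editors may start with a byte-order mark.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP
        for name in fields[1:]:                  # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain or any of its subdomains, not lookalikes."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, hostname, address) for watched names sent elsewhere."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue                             # treated as a block entry
        findings.append((line_no, name, str(addr)))
    return findings

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, name, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is redirected to {addr}")
```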

Facebook Phishing Page



Please complete a security check

Security checks help keep Facebook trustworthy and free of spam.

Use a credit card to verify your account

To keep Facebook a safe environment and to make sure that you are using your real name, we require you to confirm your identity by submitting your credit card information.

- This information will only be used to verify your identity.
- Your credit card will not be charged in any way.
- We do not store any credit card information on our servers.
- Please enter the following information to be able to continue using your Facebook account.

Information submitted through the false Facebook page is sent back to the cybercriminals to use as they please.

Aside from stealing payment information, researchers say that TSPY_MINOCDO.A modifies the system registry to ensure it starts every time Windows does, performs DNS queries to multiple domains to ensure that it can report back to its command server, and monitors all browsing activity.

TSPY_MINOCDO.A is distributed via drive-by-download attacks and other malware, so users can protect their computers by:

  • Keeping their operating system and installed software fully patched and up-to-date.

  • Always running antivirus software and keeping the virus definitions current.

  • Exercising caution when following hyperlinks (do a little research first!).

  • Disabling Java in their browser if it is not needed (the Java browser plugin is often targeted in cyberattacks).


Above all else, trust your instincts and don’t hand out your credit card information to “verify” your account on a FREE social networking website.


Friday, March 29, 2013

Trojan Poses as Flash Player 11 Update, Changes Browser Home Page

Be sure to refer to Adobe’s official website if you’re looking to update Flash Player to the latest version.

There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.

Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:

 Fake Flash Player 11 installer


While it's not entirely clear why two languages are used (Turkish/English), the agreement being displayed sans scrollbar makes sense since there's a disclaimer at the bottom stating that your browser homepage will be changed to one of the following upon installation:

  • www.anasayfada.net

  • www.heydex.com


“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing,” Jonathan San Jose revealed on Microsoft’s TechNet Blog.

Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.

Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.

  • Only download Flash Updates from adobe.com, and not some random website.

  • Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).


Is Your Computer Infected?


To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:

  • Microsoft 

  • McAfee

  • AVG

  • Ikarus


Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.


Tuesday, March 5, 2013

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:
Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service.Your account might be permanently suspended.

If you think this is a mistake,please verify your account on the link below.This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity,and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account


Users can minimize their chances of falling for this Facebook phishing scam – or any others – by following these few bits of advice:

  • Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.

  • Always double-check the URL in your address bar before entering any confidential information, including login credentials.

  • Beef up your Facebook account security by enabling login notifications and login approvals.


Did You Fall for This Scam?


If you have already fallen for this scam:

[via Hoax-Slayer]


Tuesday, February 26, 2013

Adobe Patches Flash Again to Protect Firefox Users Against Malware Attacks

Adobe has released yet another emergency patch for Flash Player to fix three vulnerabilities, two of which cybercriminals are actively exploiting in attacks that target Firefox users.

The attacks are designed to trick users into clicking links pointing to a website rigged with malicious Flash (SWF) content. Adobe warns that the two vulnerabilities exploited in these attacks, CVE-2013-0643 (permissions issue with Flash Player Firefox sandbox) & CVE-2013-0648 (bug in ExternalInterface ActionScript feature) could allow an attacker to crash and take control of the affected system.

The third vulnerability, CVE-2013-0504 (buffer overflow) isn’t listed as a vulnerability actively being used in attacks, but it “can be used to execute malicious code.”

Naturally, Adobe recommends that users update their Flash Player to the latest version, regardless of their operating system or browser of choice.

Affected Flash Player Versions


Users can check what version of Flash Player they have installed by right-clicking on content running in Flash Player and selecting 'About Adobe Flash Player' from the menu, or by visiting the About Flash Player page.

  • Adobe Flash Player 11.6.602.168 and earlier versions for Windows

  • Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh

  • Adobe Flash Player 11.2.202.270 and earlier versions for Linux


New Flash Player Versions


Users can visit the Flash Player Download Center to download the latest version.

After updating their system, users should be running the following version of Flash Player:

  • Adobe Flash Player 11.6.602.171 (Windows & Mac)

  • Adobe Flash Player 11.2.202.273 (Linux)


[via Adobe Security Bulletin]


Thursday, February 14, 2013

Adobe Confirms 0-Days in PDF Reader & Acrobat, Says Patch in the Works

Adobe has confirmed the existence of two critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat that are actively being exploited in targeted attacks.

FireEye researchers first spotted the exploit earlier this week, and revealed attacks involved a malicious PDF disguised as an international travel visa application that would drop 2 DLLs onto the target system upon successful execution.

Although these attacks appear to target Windows users, Adobe’s security advisory notes that the vulnerabilities affect Adobe Reader & Acrobat for other operating systems:

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux

  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh


Protect Yourself


Adobe is currently working on a patch to fix the security holes, and advises users to enable Protected View in the meantime:

  • Open the Edit menu

  • Select Preferences

  • Click Security (Enhanced)

  • Pick “Files from potentially unsafe locations”


Adobe also advised enterprise administrators that they can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. (More information on that here.)

Aside from that, try not to open any suspicious PDF files sent from untrusted sources (for instance, an unsolicited email).


Friday, February 8, 2013

Adobe Updates Flash Player to Fix Vulnerabilities Used in Ongoing Attacks

It’s time to update Adobe Flash Player!

Adobe released an emergency patch for Adobe Flash Player to address two vulnerabilities (CVE-2013-0633 & CVE-2013-0634) that are actively being exploited by cybercriminals to spread malware.

Attacks using the CVE-2013-0633 vulnerability involve tricking Windows users into opening a booby-trapped Word document (.doc) containing malicious Flash (SWF) content. The malicious Word documents arrive as an email attachment.

The second vulnerability, CVE-2013-0634, is being exploited in drive-by-download attacks using malicious Flash content and poses a threat to both Windows & Mac OS X users.

Adobe recommends that Linux and Android users update their software even though Windows & OS X are the only ones that appear to be targeted in the ongoing attacks.

Affected Flash Player versions, according to Adobe’s security advisory:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh

  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux

  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x

  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x


Not Sure What Version of Flash Player You Have?


Users that are unsure of what version they’re running can find out by:

  • Visiting the About Flash Player page on Adobe’s website.

  • Right-clicking on content running in Flash Player & selecting “About Adobe (or Macromedia) Flash Player” from the menu.


Be sure to check the version in each web browser installed on your system; just remember that Google Chrome & IE10 will be updated automatically!

How to Update Adobe Flash Player


To update their installation of Adobe Flash Player, users can:


Tuesday, February 5, 2013

Security Flaw Found in VLC Media Player 2.0.5 & Earlier

VideoLAN is advising VLC media player users not to open files from untrusted third-parties following the discovery of a vulnerability in the ASF demuxer of VLC media player versions 2.0.5 and earlier.

According to the security advisory posted on the VideoLAN website, a buffer overflow might occur when parsing a specially crafted ASF movie, which could allow an attacker to trigger an invalid memory access & crash VLC media player.

The advisory also warns that this exploit could potentially be used by attackers to execute arbitrary code “within the content of the application,” although that scenario has not been confirmed.

VideoLAN states that this vulnerability will be patched in version 2.0.6, but it’s unclear when it will be released. The advisory hinted at a January release, but only 2.0.5 remains available to download.

In the meantime, users can protect themselves by:

  • Only opening or accessing files that come from trusted sources.

  • Disabling VLC browser plugins until the patch is applied.

  • Manually removing the ASF demuxer (libasf_plugin.*) from the VLC plugin installation directory to prevent ASF movie playback.



Friday, February 1, 2013

"Did you see this pic of you?" Phishing Scam Stealing Twitter Logins

There’s a new phishing scam circulating on Twitter and judging by the amount of phishy DMs we’re receiving, a lot of folks are falling for it.

Tsk, tsk, people. Have we not learned anything from past phishing attacks?

How the Scam Works


Similar to previous scams, it all starts with an intriguing direct message:
Did you see this pic of you? lol [SHORT LINK]

The embedded short link leads to a phishing page that would make anyone believe it were a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:

Twitter Phishing Scam: Verify Your Password


Of course, any information entered into the above form would be sent off to the scammer and the victim would be questioning what just happened after being redirected to a (fake) 404 page:

Twitter Phishing Scam: Redirects to Fake 404 Page


After a few seconds, you’ll be redirected to the real Twitter website:

Twitter Phishing Scam: Redirects to Twitter


At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.

Don’t Fall for This Scam!


Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:

  • Do not follow short links without expanding them first. You can use a free service like longurl.org to check the true destination before following a link.

  • Be cautious of links that go to a page asking you to log in. You were logged in just a second ago, why do you suddenly need to log in again?

  • Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.


What to Do with Twitter Phishing Scam DMs


If you happen to receive one of these phishing messages, it is recommended that you:

  • Avoid clicking on any embedded links.

  • Report the DM to Twitter.

  • Let the sender know that their account has been compromised and advise them to change their Twitter password.

  • Delete the DM immediately.

  • Warn your fellow Twitter users!


Have you seen this scam yet?


Tuesday, January 8, 2013

Yahoo! Fixes XSS Exploit Used to Hijack Yahoo! Mail Accounts

An unknown number of Yahoo Mail users found their accounts compromised yesterday, thanks to a document object model-based cross-site scripting vulnerability that was discovered by a security researcher by the name of Shahin Ramezany.

Ramezany posted a video on YouTube demonstrating the XSS vulnerability, which only takes minutes to execute and affects all current browsers, on January 6th. According to the video, a Yahoo! Mail user can fall victim to the exploit by simply clicking on a malicious link sent to them via email, putting an estimated 400 million accounts at risk of being taken over.

Users that were affected by the exploit took to Twitter to complain and warn anyone that received an email from them not to click any embedded links.

Thankfully Yahoo! stepped in to close the security hole yesterday evening, issuing the following statement to The Next Web in the process:
“At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

Lesson to be learned here? Exercise caution when following links, even when they are sent by a friend - you never know what hides behind it!

Update: Researchers say Yahoo! Mail exploit still active, despite claim of being fixed


Friday, December 21, 2012

'Change Your Facebook Color' Scam Tricks Users into Downloading Malicious Chrome Extension

Cybercriminals are doing all they can to take advantage of Facebook users that [for whatever reason] want to change the site’s theme color.

Dozens of internet scams have popped up in the past, promising to give Facebook users the ability to change Facebook’s signature blue to another color, such as pink or black. Most of these offers turned out to be nothing more than a survey scam, but there were some that were just a way for the scammer to take over the victim’s Facebook account.

The goal of the latest version of the Facebook color-changing scam, however, is to get users to download a malicious Chrome extension.

Potential victims are first exposed to this scam after receiving a Facebook event advertising a Tumblr page, titled ‘My Friends Can Change The Facebook Color’ that will redirect them to another site offering the rogue Chrome extension.


Screenshot Credits: Webroot


Once installed on the victim’s browser, the extension runs a script that will keep the scam going by:

  • creating a new Tumblr page that redirects to the page promoting the Chrome extension

  • creating a new Facebook event promoting the offer & directing users to the freshly-created Tumblr page

  • inviting all of the victim’s friends to the event


As Webroot researchers have pointed out, the real danger lies within the fact that the rogue Chrome extension will have access to all of your data on all websites along with access to your tabs and browsing history.  That’s a lot of information you don’t want in the hands of a scammer.

Honestly, changing the Facebook website colors isn’t important enough to risk having sensitive information stolen – or having your account taken over by an attacker (if that’s the goal of the scam).

Did You Fall for this Scam?


If you've already fallen for this scam, it is recommended that you:

  • Delete the Facebook event.

  • Remove the Chrome extension from your browser

    • Click the Chrome 'Menu' button

    • Select Tools

    • Select Extensions

    • Click the Trash icon next to the extension

    • Click 'Remove' in the confirmation dialog



  • Warn your Facebook friends about this scam & advise fellow victims to follow these same steps.


Make sure you steer clear of any offers to change Facebook theme colors in the future!


Tuesday, December 18, 2012

SMS Spam Claims You Won $100 Starbucks Gift Card

If you thought there was something phishy about that unsolicited text message claiming that you won a $100 Starbucks gift card, give yourself a pat on the back for being right.

Scammers are spamming out the following text message, hoping caffeine lovers will bite the bait and hand over personal details to redeem their “prize” -

SMS Spam Text



Your recent entry has won. Claim your $100 Starbucks Gift Card here hxxp://buxcrd.com

Following the link will take you to the page seen below on buxcred.com, a domain that's clearly not related to Starbucks:

SMS Spam: $100 Starbucks Gift Card Landing Page


Clicking “continue” will redirect you to another site, starbucks.freegiftcardworld.com that asks for your email address:

SMS Spam: $100 Starbucks Gift Card  - Give your email


Hopefully you noticed the fine print on this page, because it clearly states that you will have to meet some “eligibility requirements” to claim this $100 Starbucks gift card that you supposedly won. The one requirement that should convince you to stop here is #4, which states:

4) Eligible members can receive the incentive gift package by completing two reward offers from each of the Silver and Gold reward offer page options and nine reward offers from the Platinum reward offer page options and refer 3 friends to do the same. Various types of reward offers are available. Completion of reward offers most often requires a purchase or filing a credit application and being accepted for a financial product such as a credit card or consumer loan.

Hmmm... doesn’t seem like anything was “won” here at all.

If you’re still not convinced, the next page will ask for your personal information – full name, address, date of birth & cellphone number – and a series of random yes/no questions like, ‘Are you interested in going back to school’ and ‘Do you have $10k or more in credit card debt?’ Those seem totally related to the giveaway, right? (/sarcasm)

SMS Spam: $100 Starbucks Gift Card  - Give all of your personal information


SMS Spam: $100 Starbucks Gift Card - Get a free cellphone
(Sidenote: Think twice about giving out your mobile cellphone number as scammers have been known to sign victims up for expensive SMS services.)

Filling out this page and clicking ‘Continue’ will take you to Step 3, which offers a new Cell Phone. Folks that cannot resist clicking on that offer will see a popup window with nothing more than an advertisement.

SMS Spam: $100 Starbucks Gift Card - Free cellphone links to ads

Closing the window will reveal a blank screen, which is also the same result you get if you click the barely noticeable ‘No thanks’ button on step 3.

That’s the end of this rabbit hole.

What to Do If You Receive SMS Spam


If this text message lands in your SMS inbox, it is recommended that you:

  • Do not click on the link.

  • Do not supply any personal information.

  • Report the message by forwarding it to 7726 (stands for S-P-A-M). You may get an automated reply asking for the sender number.

  • Delete the text message.


Additionally, you can check with your cellphone service provider to see what measures can be taken to stop future SMS spam. Just keep in mind that it’s likely future text message spam will come from a different number.


Monday, December 17, 2012

Phishing Page Offers Fake Security App to Facebook Users

Would you believe an app that promised to protect your Facebook account from being hacked?

Facebook Security App Phishing Page

Symantec researchers recently found that cybercriminals had set up a phishing site offering a Facebook app that allegedly protects your account from hackers. The irony in this scam, of course, is not only the fact that it sets user accounts up for hijacking, but the fact that it’s so poorly carried out.

While the scammers did put effort into spoofing the Facebook site design, the phishing page is hosted on a free web-hosting site and for some reason has an image of a fake Facebook stock certificate at the bottom of it.

To install the app, users must provide their Facebook login information and then enter a confirmation code, which researchers found is always “7710.” After entering the requested information, users will see a confirmation page that thanks them for “using this service” and states that their Facebook account will be secure in 24 hours.

That should be plenty of time for the scammer to log in and take over their Facebook account.

Protecting Your Facebook Account


If security is a concern, users can keep their Facebook account safe from hackers by following these safety tips:

  • Use a unique, strong password for their account. (Don’t share your password either!)

  • Enable secure browsing (https) on their Facebook profile. (Why?)

  • Enable login notifications, text message notifications & login approvals under Facebook’s security settings.

  • Use Facebook’s App Center to find and install Facebook apps.

  • Always check the URL before entering Facebook login credentials.

  • Exercise caution when checking email (no clicking links or downloading files attached to unsolicited emails) and surfing the web.

  • Keep your operating system & antivirus current to minimize the chances of malware infecting your machine.


[via Symantec]


Monday, December 3, 2012

FedEx Spam Delivers Zortob.B Trojan at Your Virtual Doorstep

There’s a fresh batch of FedEx spam going out, loaded with a malicious link that will attempt to drop malware posing as a postal receipt onto your computer.

The email may carry the FedEx logo and a fairly clean layout; however, the subject line & sender details should serve as a red flag that something is amiss. Here’s the email:

FedEx Spam



Subject: Tracking Detail (170)10-170-170-6365-6365
From: Priority Shipping Service (user.p[at]seattle.com)

FedEx

Order:  HD-5468-483254683
Order Date: Tuesday, 26 November 2012, 10:17 AM

Dear Customer,

Your parcel has arrived at the post office at November 28. Our postrider was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this postal receipt.

GET POSTAL RECEIPT

Best Regards, The FedEx Team.

The hyperlink included in the email doesn’t point to fedex.com, but to a third-party site that will automatically download the file Postal-Receipt.zip onto your computer.
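The two red flags described above (a sender domain and a link target that do not belong to the brand the message claims to be from) can be checked mechanically. The following is an added example, not code from the original post; the sample message is constructed from the email shown above, and the link host `downloads.example` is a placeholder because the post does not name the real one.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the spam above; the link host is a placeholder.
RAW = """\
From: Priority Shipping Service <user.p@seattle.com>
Subject: Tracking Detail (170)10-170-170-6365-6365
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Our postrider was unable to deliver the parcel to you.</p>
<a href="http://downloads.example/Postal-Receipt.zip">GET POSTAL RECEIPT</a>
<p>Best Regards, The FedEx Team.</p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(raw, brand, brand_domain):
    """Return ('sender'|'link', host) for each host outside the claimed brand's domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings, bodies = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    if brand.lower() not in (display + " ".join(bodies)).lower():
        return findings  # the message does not claim to be from this brand
    sender_domain = addr.rpartition("@")[2].lower()
    if not host_in_domain(sender_domain, brand_domain):
        findings.append(("sender", sender_domain))
    collector = LinkCollector()
    collector.feed("".join(bodies))
    for href in collector.links:
        host = urlsplit(href).hostname
        if not host_in_domain(host, brand_domain):
            findings.append(("link", host))
    return findings
```

The suffix check treats a lookalike host such as `fedex.com.downloads.example` as foreign, because only an exact match or a true subdomain of the brand domain passes.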

To no surprise, Postal-Receipt.zip doesn’t contain your postal receipt, but malware identified by ESET Endpoint Antivirus as Win32/TrojanDownloader.Zortob.B (which I refer to simply as “Zortob.B”).

Zortob.B (aka Win32/Kuluoz!zip to Microsoft) is often attached to fraudulent delivery notices like the one shown above, and should it successfully infect your machine, will attempt to steal login credentials & files from your computer.

Protect Your PC from the Zortob.B Trojan


Since Zortob.B is often delivered via malicious spam, it is strongly recommended that you:

  • Avoid downloading files or clicking links attached to unsolicited emails.

  • Always run antivirus software that offers real-time scanning.

  • Use your computer under a user account with limited privileges.

  • Keep your operating system and installed software fully patched & up-to-date.


Removing a Zortob.B Infection


If you suspect that your system may have been infected with the Zortob.B Trojan, it is recommended that you run a full system scan with an up-to-date antivirus solution. We recommend using antivirus products offered by one of the following vendors as they are known to be capable of detecting this threat:


Friday, November 30, 2012

Malicious Browser Add-on Edits Hosts File to Redirect Users to Phishing Websites

It’s no secret that browser add-ons bring us joy by increasing productivity and enhancing our overall internet experience, but not all add-ons are built with good intentions.

Cybercriminals have been known to push malicious browser add-ons that inject ads into websites or post spam on social network accounts.

More recently, Symantec researchers found that evil-doers have been spreading malicious browser add-ons that will redirect users to phishing websites whenever they type the URL of a legitimate site into their address bar.

These rogue add-ons are served from a phishing website mimicking the look & feel of a popular e-commerce website, complete with a typo-squatted domain and all.

The spoofed e-commerce website detects the user’s browser upon visit and prompts them to install the add-on for their particular browser. If the end-user chooses to install the add-on, it will modify the hosts file located in the Windows System32 directory, assigning the domain names of well-known companies to IP addresses of phishing websites.

For the uninitiated, Symantec explains that “when a user enters a website URL in the browser address bar, it checks the local DNS information, such as the hosts file, before sending a DNS query to the Internet.” That means if you type the web address for a website that’s been re-assigned using the hosts file, you’ll be directed to the phishing website instead of the legitimate one.

Fortunately Symantec says that the phishing site pushing the add-on has been taken offline, but another can easily pop-up elsewhere. Therefore, users are urged to remain vigilant and proceed with caution when installing software on their computer, even browser add-ons.

Browser Add-on Safety Tips



  • Use your browser’s built-in mechanism or visit the official add-on markets for Firefox, IE, Chrome, etc. to browse & install available add-ons.

  • Check the number of downloads, add-on rating, and user reviews for any red flags before downloading.

  • Do not download or install add-ons from unknown or untrusted sources.


[via Symantec]


Wednesday, November 28, 2012

Cybercriminals Set Up Fake Update Pages for Chrome, Firefox & IE

Do you know how to update your web browser?

One of the nice things about Google Chrome is that it automatically updates whenever a new browser version is detected.

Aside from that, you can manually check for updates by clicking the Menu icon and selecting ‘About Chrome’. If there are any updates found, it will download them automatically and install them whenever you decide to restart your browser.

Firefox is pretty much the same, as well as Opera.

Internet Explorer is a bit different as it usually involves downloading another browser, like Firefox or Chrome. – Just kidding! Internet Explorer 9 updates are provided via Windows Updates.

And yes, knowing how to update your web browser is important.

Aside from running the risk of having a browser vulnerability exploited in a cyber-attack, there’s always the chance of you downloading malware posing as a browser update.

StopMalvertising warns that cybercriminals have launched new phishing schemes using malvertisements and fake browser update webpages in hopes of tricking you into downloading malware onto your computer.

The risk of falling for a phony browser update page is present regardless of whether you use Firefox, Chrome or Internet Explorer. The pages are set to detect your browser of choice & customize the content just for you:

Firefox, Chrome & IE Update Pages

Screenshot Credit: StopMalvertising


In the event that the script cannot determine which browser you’re using, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download.

A VirusTotal scan of the file served in the attack, index.exe, found that it is actually Trojan:Win32/Startpage.UY.

Once it infects your machine, Trojan:Win32/Startpage.UY will change your browser’s homepage. While that may seem harmless, it’s important to note that TrendMicro’s analysis of this attack found that the updated home page may “host other malicious files that can further infect [your] system.”

One of the things that sets this particular batch of fake browser update pages apart from the ones we saw back in January is the fact that these new pages pose a threat to mobile users as well.

Although it does not appear that payloads targeting smartphones are served, StopMalvertising noticed JavaScript on the site that will display pop-ups and notifications asking for your mobile phone number. Providing such information to a scammer can be a costly mistake as they won't think twice about signing you up for expensive SMS services, so don't do it!

How to Avoid Falling for Fake Browser Update Phishing Schemes


So now that you know the risks, what can you do to avoid becoming a victim?

  • Always use your web browser’s built-in update mechanism or download updates from a legitimate source (like the vendor’s official website).

  • Always run antivirus software that offers real-time scanning and always scan downloaded files before opening them.

  • Remain vigilant when surfing the web and do your best to avoid suspicious links or websites.



Wednesday, November 21, 2012

Backdoor Trojan Uses Google Docs to Connect to C&C Servers

Using Google Docs for evil purposes is nothing new.

Cybercriminals have already found that the ability to host online forms using Google Docs can prove quite useful when launching phishing attacks.

Now it seems that they’ve discovered that there’s more value in Google Docs, and have begun using it as a proxy server to pass information between command & control servers and machines infected with the latest variant of Backdoor.Makadocs.

As explained on the Symantec security blog, this is all made possible thanks to a Google Docs feature called viewer that retrieves the resources of another URL and displays it.

Of course, Backdoor.Makadocs’s use of Google Docs' viewer feature is a violation of Google’s policies, but it’s highly doubtful that cybercriminals care. They’re likely more interested in the benefits, which include hiding command & control server communications and the fact that the connection to the Google Docs server is encrypted using HTTPS, making it difficult to block locally.

Backdoor.Makadocs appears to primarily target Brazilian users, and arrives as a Microsoft Word document or Rich Text Format (RTF) file that relies on social engineering tactics to infect the machine. Symantec detects the Word & RTF files associated with this attack as Trojan.Dropper.

Should Backdoor.Makadocs manage to find its way onto your PC, it will do as its name suggests and open a backdoor to siphon sensitive information out of your machine.

Keeping Your PC Safe from Makadocs Malware



  • Keep your operating system and installed software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning.

  • Do not download files from unsolicited emails or untrusted sources.

  • Do not click suspicious hyperlinks, regardless of how they were shared (email, social network, etc.)



Thursday, November 8, 2012

Double Threat Behind “Heh U Didn’t See Them Tapping U” Twitter DM

Cybercriminals are doing their best to get you one way or another if you click on the link attached to DMs asking if you noticed you were being videotaped.

Don’t be fooled by the fact that the messages come from one of your followers, or that the link appears to go to a Facebook page. It’s only because the first phase of the scam uses a malicious Facebook app to steal Twitter login details.

It all begins with a direct message that goes a little something like this…
heh u didnt see them tapping u
hxxp://facebook.com/241455879316971?eby_creepy

Clicking on the link will take you to an evil Facebook app that requests your Twitter username and password before revealing the alleged video of you.

Phishing Page Steals Twitter Logins


The fun doesn’t stop there, though. Once you’ve foolishly handed over the keys to your Twitter account, you will be redirected to a third-party site dressed up as a Facebook page with an embedded video that you can’t watch because apparently you need to download an update for YouTube Player.

Fake Facebook Video Page Pushes Malware


Of course, that “update” (FlasshPlayerV11.137.18.exe) is completely bogus and is actually malware that only 6/44 antivirus programs can detect, according to VirusTotal.

Oh, and there's no video. The only thing going on here is Twitter account theft and malware infections, move along...

Did You Get This DM?


If you received this message on Twitter, it’s highly recommended that you:

  • Do NOT click the link, provide your Twitter login OR download ‘YouTube Player’ updates – it will not end well if you do.

  • Report the DM to Twitter.

  • Let the sender know that they have fallen for a scam and urge them to not only change their Twitter account password, but scan their computer for malware. (Check the VirusTotal report above to see what antivirus can detect the infection.)

  • Delete the DM immediately.


Outside of that, be sure to give your friends & family a heads-up about this scam.
