Showing posts with label spam. Show all posts

Tuesday, May 28, 2013

Security Flaw Found in Facebook Pages Manager App for Android

Facebook Patches Privacy Flaw In Pages Manager For Android ...

Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after the details of this issue went public, Facebook Security got in touch ... a fix had been rolled out server-side, and no app update was necessary.

 

Serious Privacy Flaw In Facebook Pages Manager ... - Android Police
www.androidpolice.com/.../serious-privacy-flaw-in-facebook-pages-man...

2 days ago – Update 5/26/13 11:30pm PT: Rory from Facebook Security has informed .... Facebook Pages Manager App Updated To 1.4 With Photo Albums, ...




Privacy Flaw Found in Facebook Pages Manager ... - Softpedia News
news.softpedia.com › NewsTelecomsMobile Blog

1 day ago – Privacy Flaw Found in Facebook Pages Manager for Android. ... Facebook Messenger and Facebook Apps Updated on Android · Oppo Find 5 ...



Flaw in Facebook Pages Manager for Android makes your private messages public
http://tech2.in.com/news/android/flaw-in-facebook-pages-manager-for-android-makes-your-private-messages-public/874420


If you have Facebook’s Pages Manager application installed onto your Android devices to access your pages at any time of the day, you need to beware. If you plan on sending an image as a private message to a fan of your page, chances are that the image will get posted onto your wall for all your fans to see.


 

Thursday, May 23, 2013

Microsoft Issues Worldwide Virus Alert

The talk and the footprint of computer viruses in the online world had reduced significantly in the last year. Hackers and online miscreants had moved on to other methods of attacking computers as viruses were considered to be too weak. But Microsoft recently announced that the trend is all set to change in the coming days. A security expert from the IT giant said that hackers were reverting back to the usage of viruses and coming up with innovative attack vectors. He said that this year, the world will witness a significant increase in the usage of viruses for attacking computers (both personal and corporate).

Low Broadband Penetration Rate



Tim Rains, the security expert who announced the news, said that Microsoft was monitoring the virus trends on the World Wide Web and noticed a spike in the volume of viruses for the first time. He said that low broadband penetration rate has increased the chances of a computer getting infected with any of the malicious software, including Trojans and worms. He said that this trend is being exploited by hackers and they are using viruses more actively to infect broadband connected computers (which is almost every internet enabled computer today). Microsoft also added that they had traced the infections to as far as Egypt, Pakistan, and Bangladesh.

Viruses Are Easy to Eliminate


Rains said that even today, viruses are very easy to remove, as their signatures can be easily detected and tracked. He said that users are expected to keep their anti-virus systems updated, which will significantly reduce the chances of being attacked by a virus.

[via NBC News ]

Wednesday, April 24, 2013

Malware Distributed from Phony SourceForge Website

Make sure you double-check the URL in your browser’s address bar or dialog window before downloading files online.

Zscaler researchers discovered that cybercriminals were taking advantage of the trusted reputation of SourceForge[.net] by distributing malware through a similar domain, sourceforgetchile.net.

The malicious file analyzed by Zscaler, minecraft_1.3.2.exe, was posing as a file associated with the popular game Minecraft, as the name suggests.

In reality, the executable file was a piece of malware closely related to the ZeroAccess Trojan that, upon a successful infection, will hide in the Recycle Bin, inject malicious code into running processes, recruit the computer into a botnet, and generate revenue for its operators by partaking in click fraud.

Thankfully this threat has a high detection rate (32/46), according to a VirusTotal report. So in the event that you downloaded the Trojan, you can perform a full system scan using one of the many AV programs capable of finding & removing it.

Aside from that, stay vigilant & always double-check the URL before clicking 'Download'.
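The URL check recommended above can be automated for download links. The following is an added example, not code from this post or from Zscaler; the trusted-domain list, the two-label approximation of the registrable domain, the edit-distance thresholds and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains this user or organisation downloads from.
TRUSTED_DOMAINS = ("sourceforge.net", "adobe.com")


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: adequate for .com/.net names; a production check should use
    the Public Suffix List so that suffixes such as co.uk are handled.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_download_url(url):
    """Return 'trusted', 'lookalike' or 'unknown' for a download URL."""
    try:
        host = urlsplit(url).hostname
    except ValueError:          # malformed netloc, e.g. broken IPv6 brackets
        return "unknown"
    if not host:
        return "unknown"
    host = host.lower()
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    label = domain.split(".")[0]
    subdomains = host.split(".")[:-2]
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Short brands get a tighter typo threshold to limit false positives.
        limit = 1 if len(brand) < 8 else 2
        if brand in label:                      # sourceforge -> sourceforgetchile
            return "lookalike"
        if edit_distance(label, brand) <= limit:  # typosquatting
            return "lookalike"
        if brand in subdomains:                 # brand.tld.attacker-domain.tld
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; only the domain sourceforgetchile.net and the
    # file name minecraft_1.3.2.exe come from the post.
    for sample in (
        "http://downloads.sourceforge.net/project/demo/setup.zip",
        "http://sourceforgetchile.net/minecraft_1.3.2.exe",
        "http://sourceforge.net.example.org/file.exe",
        "https://example.org/file.zip",
    ):
        print(classify_download_url(sample), sample)
```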

[via Zscaler]

Thursday, April 18, 2013

Texas Plant Explosion Spam Leads to Malware Attack

Considering cybercriminals jumped on the opportunity to spread malware by sending spam related to Monday’s Boston marathon bombing, it’s not all that surprising that they’re now doing the same with yesterday’s fertilizer plant explosion in West, Texas.

Here are some of the subject lines to watch out for:

  • West TX Explosion

  • Waco Explosion HD

  • Texas Plant Explosion

  • Texas Explosion Injures Dozens

  • CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas

  • Raw: Texas Explosion Injures Dozens


Like the marathon-themed emails, the spam messages tied to the new fertilizer plant explosion trick users into following malicious links by promising video footage of the devastating event.

Texas Explosion Email



Image Credit: Sophos


While it’s true that the victim is presented with a series of embedded videos related to the incident, they are also being exposed to the misdeeds of the Redkit exploit kit, which will use Adobe PDF or Java vulnerabilities to silently install malware on the victim’s computer.

Avoiding these attacks should be relatively easy – don’t follow links in unsolicited emails. Aside from that, keeping your operating system (& installed software) up-to-date and running antivirus software should help your PC remain malware-free.

Have you received any suspicious emails related to the plant explosion or marathon bombing? Share your experiences below and get the word out to help protect others!

[via Sophos][via AppRiver]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, April 12, 2013

American Airlines Spam Spreads Backdoor Trojan

Webroot is cautioning users not to fall for spam emails posing as a notification from American Airlines stating that their ticket is all set and ready for download.

This spam campaign isn’t exactly new, although previous versions may have had malicious files attached directly to the email itself.

Here’s what the current variant looks like:

 American Airlines Phishing Email



American Airlines

Customer Notification

Your bought ticket is attached to the letter as a scan document.

To use your ticket you should Download It.

The embedded link will prompt users to download an executable, “Electronic Ticket.exe”, that only 10/46 antivirus programs will identify as malware.

Dr. Web antivirus detects the threat as BackDoor.Kuluoz.4. Once it has infected your system, BackDoor.Kuluoz.4 will modify system files, inject itself into system processes and connect to a list of command & control servers.

Did You Get this Spam Email?


If you received a copy of this spam email, it is advised that you:

  • Do not click on any links within the email.

  • Do not download any files that may be attached or linked from this email.

  • Forward a copy of the email, including the header to webmaster@aa.com.

  • Delete the email immediately.


If You Downloaded Any Files...


If you made the mistake of clicking the link or opening any files attached to spam emails resembling the one above, you are advised to perform a full system scan using an antivirus solution offered by one of the following vendors:

Their products are capable of detecting and removing the threat associated with this attack. Be sure to be more careful in the future!


Friday, March 29, 2013

Trojan Poses as Flash Player 11 Update, Changes Browser Home Page

Be sure to refer to Adobe’s official website if you’re looking to update Flash Player to the latest version.

There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.

Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:

 Fake Flash Player 11 installer


While it's not entirely clear why two languages are used (Turkish/English), the agreement being displayed sans scrollbar makes sense since there's a disclaimer at the bottom stating that your browser homepage will be changed to one of the following upon installation:

  • www.anasayfada.net

  • www.heydex.com


“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing.” Jonathan San Jose revealed on Microsoft’s TechNet Blog.

Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.

Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.

  • Only download Flash Updates from adobe.com, and not some random website.

  • Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).


Is Your Computer Infected?


To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:

  • Microsoft 

  • McAfee

  • AVG

  • Ikarus


Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.


Tuesday, March 19, 2013

Watch Out for Mobile Adware Posing as Candy Crush Saga Apps

Think twice before you download apps that claim to offer cheats or guidance for the popular matching game, Candy Crush Saga.

TrendMicro warns that ill-willed developers have started cashing in on the game's popularity by creating fake Candy Crush apps containing the code for the Leadbolt & AirPush ad networks.

AirPush and Leadbolt have gained quite a poor reputation for their “aggressive marketing practices,” which include placing ads to the notification/status bar, placing ad-enabled search icons on your mobile desk, and collecting user information.

In fact, these ad networks (and a few others) have become such a nuisance that developers & mobile security app vendors have released apps capable of detecting their presence so users can determine which apps are displaying ads on their device (and need to be removed).

TrendMicro’s mobile security app detects the AirPush & Leadbolt ad networks as ANDROIDOS_AIRPUSH.HRXV and ANDROIDOS_LEADBLT.HRY, respectively.

How to Avoid Candy Crush Saga-Themed Adware


As a fan of Candy Crush Saga, I can tell you that a large part of the game relies on luck, so those “cheats” and guides won’t be of much use since the candies aren’t laid out in a specific pattern.  You’ll have to figure it out on your own.

Aside from that, you can gauge the safety of an app by:

  • Checking the number of downloads and the app’s rating.

  • Reading user reviews – usually users will spill the beans on what’s really going on with an app.

  • Doing a little homework on the developer – i.e. Google their name and make sure there aren’t any red flags in the results.

  • Review the app permissions – sometimes the permissions can be hard to gauge (as some legitimate apps require odd permissions), but other times they can throw a big red flag. Either way, look them over and listen to your gut if something seems off.



Monday, March 18, 2013

Experian Spam Used to Spread Data-Stealing Trojan

Don’t open any files attached to emails purporting to be from Experian, claiming that a “key change” has been posted to “one of your three national credit reports.”

Spammers are pumping out Experian phishing emails in an attempt to infect as many computers as possible with malware.

Below is a copy of the email to watch out for:
From: Experian
Subject: IMPORTANT – A Key Change Has Been Posted

Experian

Membership ID #932823422

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian, Equifax, and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:

  • View detailed report by opening the attachment.

  • You will be prompted to open (view) the file or save (download) it to your computer.

  • For best results, save the file first, then open it in a Web browser.

  • Contact our Customer Care Center with any additional questions.


Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

© 2013 Consumerinfo.com, Inc.

The danger of this email lies within the attached file, Credit_Report_XXXXXXXXX.zip, which contains an .exe file with the same name and a misleading PDF icon. A VirusTotal scan of the exe reveals that it is actually PWS:Win32/Fareit, and not a credit report as the email suggests (big surprise there).

Did You Receive This Email?


If this email lands in your inbox, be sure that you:

  • Do not download or open any attached files.

  • Report the email to SpamCop.

  • Delete the email immediately.


Did You Already Open the Attached File?


According to Virus Total, 29/46 antivirus programs are capable of detecting the threat associated with this spam campaign, so double-check the VT results and make sure your antivirus can catch it.  Then, do a full system scan and remove any detected threats.

[via DataProtectionCenter.com]


Friday, March 15, 2013

Facebook Pushes App Update to Android Users.... Outside of Google Play

Oh Facebook, WHAT are you doing?

There are reports that Android users that have the Facebook app installed on their devices are being nagged to download and install an update – OUTSIDE of Google Play.

While at first glance this may appear as if there were a bit of malicious activity going on – as authentic app updates are usually delivered via Google Play – it is actually a legitimate update that Facebook says they’re rolling out to a small number of users.

The reason why they decided to push it outside of the Google Play store is still left unclear, but hey, it’s not like it’s the first shady thing they’ve done with the Facebook App for Android.

Obviously this update cannot be applied unless the device is set to allow applications from “Unknown sources” (aka outside of Google Play) to be installed, but enabling this setting is obviously not recommended for security reasons.

Facebook claims that only users with WiFi enabled will get the update notification; however, complaints within the Help Center conflict with that statement. Judging from the thread, I’d say Facebook users are wondering why the social networking giant thinks they’re above pushing updates via Google Play like everyone else.

What are your thoughts on this? Would you install this update on your Android device?


Thursday, March 14, 2013

Spam: Surprise! That 40% Apple Discount Coupon is Actually ZeuS Banking Malware

If you get an email offering a coupon to get 40% off Apple products – don’t open the file attached!

Spammers have been sending out emails with bogus coupons that can allegedly be used to shave 40% off the cost of a shiny new iMac, Macbook, or whatever other Apple product the recipient chooses to use it on.

Unfortunately, the only thing enclosed in the file attached to the email, Apple coupon.zip, is a copy of the ZeuS Trojan, which will cost the victim money - not help save it - since it steals banking information.

Here's the email to watch out for:

Apple Discount Coupon Spam



From: Apple Inc.
Subject: You are the one!

One out of thousand!

Only 1000 people have been chosenas winners and you turned out to be one of them!

We?d like to offer you a 40% discount coupon for any Apple production (it?s attached to this email). You can buy a MacBook, iPod, iPhone or anything else Apple products you want! All you need to do is print it out and present at the checkout.
So, next time you go to BestBuy, Circuit City or Apple Store you are able to save up to 40% of any purchase of Apple production.

The discount coupon is accepted in Circuit City, Apple Store ot BestBuy

All the rules and detailed information about the lottery are also can be found in the attachments to this email.

Congratulations!

Did You Get This Email?


If you get an email like the one above, it is recommended that you:

  • Do not download or open any files attached to it.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Barracuda]


BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are exploiting the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:
Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 
Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users that make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!


Given that this threat requires user-interaction, avoiding it should be relatively simple.

  • Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.

  • Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).

  • Always keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.


Too Late?


Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]


Friday, March 8, 2013

"CIA 'Deleted' Hugo Chavez" Spam Leads to Malware Attacks

Do not let curiosity get the best of you (and your PC) if an email drops in your inbox suggesting that the CIA and FBI played a role in the death of Venezuelan President, Hugo Chavez.

Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.

Below is an example email that Kaspersky researchers warn users not to fall for:
Subject: CIA “DELETED” Venezuela’s Hugo Chavez?

Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.

Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.

Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez

To no surprise, the exploit code on the malicious sites attempts to leverage a [patched] vulnerability within the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar to you, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)

The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.

Tips to Stay Safe


Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:

  • Always keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.

  • Do not click hyperlinks embedded in unsolicited emails.

  • Do not download or open files attached to unsolicited emails.

  • Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.

  • Remain vigilant when surfing the web – dangers lurk everywhere!



Tuesday, March 5, 2013

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:
Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service.Your account might be permanently suspended.

If you think this is a mistake,please verify your account on the link below.This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity,and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account


Users can minimize their chances of falling for this Facebook phishing scam – or any others by following these few bits of advice:

  • Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.

  • Always double-check the URL in your address bar before entering any confidential information, including login credentials.

  • Beef up your Facebook account security by enabling login notifications and login approvals.


Did You Fall for This Scam?


If you have already fallen for this scam:

[via Hoax-Slayer]


Thursday, February 21, 2013

So, the McDonald’s “African-American Tax” Hoax is Back

Some of you may have already seen it (depending on how gullible your Facebook friends are), but judging from the recent warning from Sophos, it appears as if the McDonald’s “Black Tax” hoax is back.

If you see the image below, don’t fret: McDonald’s isn’t charging African-American customers an extra $1.50 per transaction “as an insurance measure due to a recent string of robberies.”

It’s not true, it’s just a 4chan prank gone wrong.

McDonald's Black Tax Hoax Image



PLEASE NOTE:
As an insurance measure due in part to a recent string of robberies, African-American customers are now required to pay an additional fee of $1.50 per transaction.

Thank you for your cooperation,
McDonald’s Corporation
(800) 225-5532

History of McDonald’s “Black Tax” Hoax


According to Gawker, the hoax image originated from 4chan ~2007, was posted on McServed.com in June of 2010 and somehow went viral in June of 2011.

Of course this created a field day for McDonald’s PR team as Twitter users retweeted the picture & shared their thoughts in 140 characters or less. McDonald’s took to its social media accounts to reassure everyone it was a fake image, but some people just weren’t buying it.

Still, the phone number listed on the phony flyer should be a hint – it’s actually the customer satisfaction line for KFC!

If you see anyone sharing this image, be sure to clue them in on what’s going on, and try not to spread the hoax any further.


Friday, February 8, 2013

Adobe Updates Flash Player to Fix Vulnerabilities Used in Ongoing Attacks

It’s time to update Adobe Flash Player!

Adobe released an emergency patch for Adobe Flash Player to address two vulnerabilities (CVE-2013-0633 & CVE-2013-0634) that are actively being exploited by cybercriminals to spread malware.

Attacks using the CVE-2013-0633 vulnerability involve tricking Windows users into opening a booby-trapped Word document (.doc) containing malicious Flash (SWF) content. The malicious Word documents arrive as an email attachment.

The second vulnerability, CVE-2013-0634, is being exploited in drive-by-download attacks using malicious Flash content and poses a threat to both Windows & Mac OS X users.

Adobe recommends that Linux and Android users update their software even though Windows & OS X are the only ones that appear to be targeted in the ongoing attacks.

Affected Flash Player versions, according to Adobe’s security advisory:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh

  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux

  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x

  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x


Not Sure What Version of Flash Player You Have?


Users that are unsure of what version they’re running can find out by:

  • Visiting the About Flash Player page on Adobe’s website.

  • Right-clicking on content running in Flash Player & selecting “About Adobe (or Macromedia) Flash Player” from the menu.


Be sure to check the version in each web browser installed on your system; just remember that Google Chrome & IE10 will be updated automatically!

How to Update Adobe Flash Player


To update their installation of Adobe Flash Player, users can:


Tuesday, February 5, 2013

Tax Spam Aims to Trick Users Into Downloading Backdoor Trojan

It’s tax season again and that means spammers will be pumping out malicious phishing emails in hopes of catching recipients off-guard.

Sophos has already intercepted one of the tax-related spam emails going around, and is warning users not to open the files attached to it:
Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

The name of the zip archive attached to the email will vary from email-to-email as it is named after the recipient (i.e. the file will be named “sally.zip” if your email is sally@email.com). However, each archive contains a dangerous executable, "Individual Income Tax Returns.exe", that Sophos identifies as Troj/Agent-ZWM, a backdoor Trojan that will grant an attacker remote control of your system.

What to Do If You Receive This Spam Email


If this email happens to drop in your inbox, it is recommended that you:

  • Avoid downloading or opening the attached file.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Sophos]


Friday, February 1, 2013

"Did you see this pic of you?" Phishing Scam Stealing Twitter Logins

There’s a new phishing scam circulating on Twitter and judging by the amount of phishy DMs we’re receiving, a lot of folks are falling for it.

Tsk, tsk, people. Have we not learned anything from past phishing attacks?

How the Scam Works


Similar to previous scams, it all starts with an intriguing direct message:
Did you see this pic of you? lol [SHORT LINK]

The embedded short link leads to a phishing page that would make anyone believe it were a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:

Twitter Phishing Scam: Verify Your Password


Of course, any information entered into the above form would be sent off to the scammer and the victim would be questioning what just happened after being redirected to a (fake) 404 page:

Twitter Phishing Scam: Redirects to Fake 404 Page


After a few seconds, you’ll be redirected to the real Twitter website:

Twitter Phishing Scam: Redirects to Twitter


At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.

Don’t Fall for This Scam!


Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:

  • Do not follow short links without expanding them first. You can use a free service like longurl.org to check the true destination before following a link.

  • Be cautious of links that go to a page asking you to login. You were logged in just a second ago, why do you suddenly need to login again?

  • Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.


What to Do with Twitter Phishing Scam DMs


If you happen to receive one of these phishing messages, it is recommended that you:

  • Avoid clicking on any embedded links.

  • Report the DM to Twitter.

  • Let the sender know that their account has been compromised and advise them to change their Twitter password.

  • Delete the DM immediately.

  • Warn your fellow Twitter users!


Have you seen this scam yet?


Friday, January 25, 2013

DocuSign Phishing Emails Loaded with Data Stealing Trojan

Professionals that use DocuSign should beware of an active phishing campaign looking to infect their computer with a data-stealing Trojan, warns antivirus firm Bitdefender.

The phishing email has been carefully crafted to appear as if it were a legitimate notice sent by DocuSign Electronic Signature Service on behalf of the administration department of the recipient’s company.

DocuSign Phishing Email
Screenshot Credit: Bitdefender



From: DocuSign Service (dse@docusign.net)
Subject: To all Employees – Confidential Message

DocuSign
Your document has been completed

Sent on behalf of administrator@bitdefender.com.

All parties have completed the envelope ‘Please DocuSign this document: To All Employees 2013.pdf’.

To view or print the document download the attachment .

(self-extracting archive, Adobe PDF)

This document contains information confidential and proprietary to bitdefender.com

LEARN MORE: New Features | Tips & Tricks | View Tutorials

DocuSign. The fastest way to get a signature.

If you have questions regarding this notification or any enclosed documents requiring your signature, please contact the sender directly. For technical assistance with the signing process, you can email support.

Attached to the email is a zip file named “To ALL Employees.zip,” and it shouldn't be a surprise to anyone that inside the archive is a payload identified as Trojan.Generic.KD.834485.

Once it has infected a machine, Trojan.Generic.KD.834485 will get to work stealing login credentials stored in email clients & web browsers, attempting to log into other network machines by guessing weak passwords over Remote Desktop Protocol (RDP), possibly downloading and installing additional malware (such as the infamous ZeuS/Zbot), and collecting account information related to server names, port numbers, login IDs, FTP clients, and cloud storage programs.

DocuSign is aware of this email threat and has taken the courtesy of posting a warning on their website advising users that legitimate emails do not contain zip or executable files as attachments and to mouseover links to check for the docusign.com or docusign.net domains before following them.
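Both the tax spam and the DocuSign campaign described above deliver an executable inside a zip attachment. The following is an added example (not code from DocuSign, Sophos or Bitdefender) of how a mail filter could flag that pattern; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions treated as executable: an assumption for this example, not a complete list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def ext_of(name):
    """Lowercased final extension, ignoring trailing dots and spaces."""
    return os.path.splitext(name.rstrip(". ").lower())[1]


def scan_attachments(raw_email):
    """Return (attachment name, reason) findings for one raw e-mail message."""
    findings = []
    for part in message_from_bytes(raw_email).walk():
        filename = part.get_filename()
        if not filename:
            continue  # multipart containers and inline body text
        if ext_of(filename) in EXECUTABLE_EXTS:
            findings.append((filename, "executable attachment"))
        payload = part.get_payload(decode=True) or b""
        # Decide by content, not by name: a renamed zip is still a zip.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if ext_of(member) in EXECUTABLE_EXTS:
                        findings.append((filename, "zip contains executable: " + member))
    return findings


def build_sample():
    """Constructed sample: recipient-named zip holding a harmless placeholder .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Individual Income Tax Returns.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "FW: 2010 and 2011 Tax Documents; Accountant's Letter"
    msg.set_content("I forward this file to you for review. Please open and view it.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="sally.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_attachments(build_sample()):
        print(name, "->", reason)
```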

Think You Received a DocuSign Phishing Email?



  • Do not download or open any attached files.

  • Hover your mouse over links to check for the legitimate docusign.com or docusign.net domains. (Note: This may not matter if a file is attached since real emails from DocuSign do not contain attachments.)

  • Report the email by forwarding it to spam@docusign.com.

  • Delete the email immediately.
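The advice to check a link for the docusign.com or docusign.net domains, like the earlier Twitter advice to read the URL in the address bar, comes down to comparing the host a browser would actually connect to against a short list of trusted domains. The following is an added example, not DocuSign's or Twitter's own code; the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the posts above name as legitimate for each brand.
TRUSTED = {
    "docusign": {"docusign.com", "docusign.net"},
    "twitter": {"twitter.com"},
}


def link_host(url):
    """Return the lowercased host a browser would connect to, or None if unusable."""
    url = url.strip()
    # Browsers treat "\" like "/", while urlsplit does not; reject it so the two cannot disagree.
    if "\\" in url:
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    return host.rstrip(".").lower() if host else None


def is_trusted_link(url, brand):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED[brand])


if __name__ == "__main__":
    # Constructed sample links showing common lookalike tricks.
    samples = [
        ("https://www.docusign.net/Signing/start", "docusign"),
        ("https://docusign.com.example.net/login", "docusign"),  # trusted name as a subdomain label
        ("https://docusign.com@example.net/", "docusign"),       # trusted name in the userinfo part
        ("http://example.net/docusign.com/verify", "docusign"),  # trusted name in the path
        ("https://mytwitter.com/login", "twitter"),              # trusted name as a suffix only
    ]
    for url, brand in samples:
        print("trusted" if is_trusted_link(url, brand) else "SUSPECT", url)
```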



Thursday, January 24, 2013

Malware Abuses Skype Chat to Spread Once More

Skype users should exercise caution when clicking links shared via chat as there has been an influx of malware using Skype in order to propagate.

Shylock Trojan


CSIS first warned of a new variant of the Shylock Trojan using Skype to spread thanks to its creators updating it with a plugin named “msg.gsm.”

Shylock typically spreads via drive-by-downloads, phishing emails, and removable drives attached to infected systems, but the new addition provided another infection method as it gave the Trojan the ability to abuse Skype’s chat feature to send messages containing links to malicious websites serving the malware.

Other functionality granted by msg.gsm includes sending IMs and transferring files, clearing chat and file transfer history, bypassing Skype’s connection warning/restrictions, and sending requests to a remote server.

That’s only a fragment of what Shylock is capable of, though. Shylock can allow an attacker to perform a number of activities on an infected system, such as injecting malicious code into web pages, stealing cookies, downloading and executing files, and more.

Thankfully, Microsoft has stated that they have managed to completely block Shylock (Microsoft detects it as Backdoor:Win32/Capchaw.N) on Skype, but the company still encourages users to avoid opening links from untrusted sources or visiting untrusted websites.

For those of you who may be concerned that you got hit with the threat prior to it being blocked, Microsoft suggests you watch out for the following symptoms:

  • The presence of messages or files in your Skype conversation history that you do not recall writing or transferring

  • Your Skype conversation history is empty

  • You do not receive alerts or warnings from Skype, where previously you did so


Shylock is known for its advanced detection evasion techniques, so do what you can to prevent an infection (tips below).

Phorpiex Worm


Even if you do manage to avoid Shylock, you still have to worry about WORM_PHORPIEX.JZ, which TrendMicro says is also abusing Skype chat to spread.

Upon infection, Phorpiex will modify the system registry to bypass any firewalls and start whenever Windows does, open a backdoor by connecting to a specific IRC chat server and joining the channel #go, send emails with malicious attachments containing a copy of itself, spread to accessible removable drives, and download additional malware, including a plugin appropriately named WORM_PESKY.A (“Pesky”) that will send out Skype messages reading:
LOL http://www.[REMOVED]x.uk.com/images/php?id=IMG0540250.JPG

Those of you who have read our guide on how to spot a dangerous image link will be able to tell that this link is not what it seems.

Pesky doesn't do much else beyond spam people with malicious chat messages; Phorpiex is the main threat here.

Protecting Your PC


So, now that you know what you’re up against, what can you do to protect your computer?

  • Avoid clicking on suspicious links, regardless of where they come from. Both threats abuse Skype to send IMs, so the malicious link can come from one of your contacts if their machine has been infected.

  • Do not download or open files that come from unknown or untrusted sources.

  • Keep your operating system and installed third-party software fully patched and up-to-date to minimize the chances of a successful drive-by-download attack.

  • Always run antivirus software and keep the virus definitions current.

  • Use a Windows user account with limited privileges (i.e. no permission to install software).


What to Do if Your System is Infected


Already have the misfortune of encountering one of these threats?

For Shylock, Microsoft’s Threat Center states you can use Microsoft Security Essentials (or Windows Defender for Windows 8) to detect and remove it.

For Phorpiex, users can use antivirus solutions by TrendMicro, Microsoft, ESET or Ikarus to detect and remove it.


Tuesday, January 8, 2013

Spam Alert: More FedEx Phishing Emails Hitting Inboxes

Brace yourselves, folks - more FedEx spam is coming your way!

Our last copy of FedEx spam arrived back in early December, and it doesn’t look like much has changed since. The sender’s address is still some random email (not a fake fedex.com address), the subject line is still a random tracking number, and the goal is still to infect your computer with Win32/TrojanDownloader.Zortob.B.

Here’s the email (the previous version can be seen here):

FedEx Spam (1/7/12)
From: Shipping Service (clients-262@corpuschristi.com)
Subject: Tracking ID (387)91-387-387-9611-9611

FedEx

Order: JN-1454-28625287
Order Date: Thursday, 3 January 2013, 11:23 AM

Dear Customer,

Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.
To receive your parcel, please, go to the nearest office and show this receipt.

GET & PRINT RECEIPT

Best Regards, The FedEx Team.

For those of you who are curious (or possibly new to this FedEx spam thing), when you click the ‘Get & Print Receipt’ link, you will be taken to a third-party site that will download the file Postal-Receipt.zip onto your PC. Hopefully you will not make the mistake of opening this file as it contains the aforementioned Zortob.B Trojan.

What to Do With FedEx Spam


If you receive an email like the one above, it is strongly recommended that you:

  • Do not click on any links or open any attached files.

  • Report the email to FedEx by forwarding it to abuse@fedex.com.

  • Delete the email immediately.

