Showing posts with label virus. Show all posts

Thursday, February 7, 2013

Malware is Everywhere [INFOGRAPHIC]

We all know that malware lurks around every corner, waiting for us to visit a booby-trapped website or open that zip file attached to an unsolicited email.

Cybercriminals across the globe have been busy creating and tweaking their malware creations, which they then unleash on unsuspecting users to do anything from steal sensitive data to demand ransom fees to partake in click fraud - and more.

What’s an internet user to do?

As they say, knowledge is power, and the folks over at Inspired eLearning have created the infographic to illustrate the dangers associated with malware along with steps that you can take to stay safe.

Malware is Everywhere INFOGRAPHIC


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Thursday, February 23, 2012

Twilight Author's Site was Compromised to Serve Malware

[Image: Snapshot of code injected into Stephenie Meyer's Website]

If you’ve recently visited the website of Stephenie Meyer – author of the insanely popular Twilight book series – then you will want to scan your computer for malware.

Researchers at Avast! antivirus security firm recently found that hackers had injected malicious JavaScript code into Meyer’s official website that exposed unsuspecting site visitors to the Crimepack Exploit Kit.

Like other exploit kits, the Crimepack Exploit Kit attempts to leverage system vulnerabilities – which, of course, are usually associated with Java or Adobe PDF Reader – in order to plant malware on the target’s machine.

There's no word on how long the malicious code was present on Stephenie Meyer's site, but the website has been scrubbed of the evil code. Unfortunately, those who had the horrible timing of visiting her site during the attack are still stuck with the aftermath: cleaning up their computers.

The internet is a dangerous place and this should serve as a reminder that it is critical that you keep your computer operating system and software up-to-date with the latest security patches. Running antivirus software at all times will definitely help, too.

Failure to do so can easily result in a system infection.

Image of malicious Javascript credit: Avast!


Friday, January 13, 2012

Computer Viruses Stole Data from S.F. College for Over 10 Years

[Image: Malware Removal]

You might want to think twice about checking your bank account, private email or even your social networking account on a college computer.

A few days after the Thanksgiving holiday, it was discovered that at least 7 different viruses were stealing personal information from possibly tens of thousands of students, faculty and staff at City College of San Francisco.

Worse yet, it appears that the army of malware has been trolling the college’s network every night around 10 p.m. and uploading sensitive data to remote servers based in Russia, China, and eight other countries since 1999.

Computers across the college district’s administrative, instructional and wireless networks have been infected and there’s a chance that anyone that’s used a USB drive to take their work home could have transferred the virus to their personal PC.

School officials are investigating the extent of the infection and data siphoning, but apparently servers holding medical information were found to be virus-free.  Another 17 computers thought to be at-risk are currently being analyzed.

Thankfully, no identity theft cases have been linked to the breach. However, that may change depending on the investigation and school officials are considering bringing in the FBI to help.

[via  SFGate]

Photo Credit: markomni


Friday, January 6, 2012

Fake LinkedIn Emails Link to Blackhole Exploit Sites Serving Malware

[Image: LinkedIn Logo]

Do you have a LinkedIn account?

You may want to think twice about clicking links within any emails that claim you’ve received a new message on the social networking site geared towards professionals.

Cybercriminals have been busy pumping out spam emails that pose as legitimate LinkedIn notices, enticing you to click on a link in order to read what message some random stranger has left for you.

In reality, the links will send you directly to a site housing a blackhole exploit kit that will attempt to take advantage of any system vulnerabilities in order to infect your PC with malware. This sneaky form of attack – also known as a “drive-by-download” – is especially dangerous because it can be executed without detection unless your PC and antivirus software are up-to-date.

Although the spammers did a good job crafting the bogus LinkedIn notices – LinkedIn logo at the top left, familiar blue coloring, no obvious spelling mistakes, disguised links and even a spoofed sender’s address – it’s pretty easy to spot the fake emails when you see them.

How can you tell the real from the fake? That’s easy.

The REAL emails include the subject and body of the message that was sent to you on LinkedIn. The FAKE emails only have a date and invitation to click on a link in order to read the message.

Here’s a comparison of the real email vs. the fake. Note that the crook has disguised the malicious URL to make it appear as if it points to the LinkedIn website:

[Images: FAKE LinkedIn Message | REAL LinkedIn Email]

Always be sure to hover over links to check the real destination URL and feel free to investigate any suspicious looking URLs before actually clicking on them.

Have you received any questionable emails claiming to be from LinkedIn or LinkedIn users? Share your experience below!


Tuesday, November 29, 2011

5 Years Later, the Olympic Torch Virus Hoax Still Burns Strong

[Image: Olympic Torch Virus Hoax]

Five years later, the Olympic Torch virus hoax is still going strong.

Back in February 2006, folks started forwarding their friends and family members chain emails warning them not to open any emails titled “Invitation” as they contained attachments harboring what was known as the “Olympic Torch virus.”

According to the email, the alleged “most destructive virus ever” earns its title by wiping out the unsuspecting victim’s hard-drive. Of course, the real problem lies in the fact that the email is a hoax and the Olympic Torch virus does not exist.

Nowadays folks are not only keeping the Olympic Torch virus hoax alive by forwarding emails to their contact lists, but posting “warnings” on social networking sites like Facebook.

Here’s a copy of the current email circulating that warns you of the dangers offered by the fake Olympic Torch virus:
Subject: FW: Worst Computer Virus - Please read

PLEASE CIRCULATE THIS NOTICE TO YOUR FRIENDS, FAMILY, CONTACTS! In the coming days, you should be aware....

Do not open any message with an attachment called: Invitation FACEBOOK, regardless of who sent it. It is a virus that opens an Olympic torch that burns the whole hard disc C of your computer.

This virus will be received from someone you had in your address book .. That's why you should send this message to all your contacts. It is better to receive this email 25 times to receive the virus and open it .. If you receive a mail called: Invitation FACEBOOK, though sent by a friend, do not open it and delete it immediately. It is the worst virus announced by CNN. A new virus has been discovered recently that has been classified by Microsoft as the most destructive virus ever.

It is a Trojan Horse that asks you to install an adobe flash plug-in. Once you install it, it's all over. And there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information of their function is saved.

SNOPES SAYS THIS IS TRUE............
http://www.snopes.com/computer/virus/youtube.asp

Facebook posts warning users of the Olympic Torch virus typically contain a chunk of the email above.

Ironically, the Snopes article linked in the chain email was related to an entirely different threat and had no connection to the Olympic Torch virus hoax. It’s important that you do a little research before sharing information with others to avoid generating unwarranted fear.

If you receive one of the variants of the Olympic Torch virus hoax emails, feel free to delete it WITHOUT forwarding it to any of your contacts.

While it's true that bad guys spread malware via email attachments, this "Olympic Torch virus" is not one of them. Protect yourself by running up-to-date antivirus software that offers email filtering and real-time scanning and avoid downloading unexpected email attachments.


Tuesday, November 22, 2011

Bogus USPS Delivery Failure Notice Contains Virus

[Image: United States Postal Service (USPS)]

The United States Postal Service has issued a warning for users to beware of fraudulent USPS delivery failure notices being sent by internet crooks as they likely contain malware.

Cybercriminals are doing their best to trick unsuspecting users into opening the fake delivery notice and its malicious contents by spoofing the sender’s email address to make it appear as if the email was sent from ‘info@usps.gov’.

Inside, the bogus USPS delivery failure notice reads:
From: United States Postal Service (info@usps.gov)
Subject: USPS Delivery Failure Notification

Hello!

Unfortunately we failed to deliver the postal package you have sent on the
12th of November in time because the recipient's address is erroneous.

Please print out the shipment label attached and collect the package at our
office.

United States Postal Service



The attached file, “USPS report.zip”, is not a shipping label as the email claims, but it does contain the virus that the spammer is hoping you will download and open on your machine.

If you receive this fake USPS delivery notice email, it is recommended that you delete it from your inbox and go about your day. The USPS is already aware of the problem and they’re doing their best to figure out who’s behind these malicious emails and bring them to a stop.


Friday, November 18, 2011

Malware Milestones: The History of Computer Viruses, Worms, Trojans & More [INFOGRAPHIC]

It’s kind of crazy to know that the first malware milestone was set back in 1970, when the Creeper worm showed up on the Advanced Research Projects Agency Network (ARPANET).

Since then, computers and their end-users have been at the mercy of a variety of viruses, Trojans, and worms that have come into existence – each one seemingly more dangerous than its predecessor.

Check out this infographic outlining malware milestones:

Malware Milestones Infographic


Thursday, November 17, 2011

Win32.Worm.Coidung.B Posing as Office Genuine Advantage Program, Spreading via Chat Messenger

[Image: Win32.Worm.Coidung.B is a little crazy]

A worm has been spotted in the wild, spreading through Yahoo Messenger and tunneling deep into victims’ computers in order to wreak havoc.

The worm, identified by Bitdefender as Win32.Worm.Coidung.B, poses as an Office Genuine Advantage checker, which is a tool previously used by Microsoft to validate copies of Microsoft Office – similar to the Windows Genuine Advantage system in place today. The worm is being spread via a file called “office_genuine.exe.”

Once the Coidung worm gains entry into the victim’s computer, it goes straight to work – disabling the Windows firewall, creating copies of itself that it hides within several system folders under a variety of names, modifying registry keys to ensure the files run on startup, and opening a backdoor to allow its author to control the PC remotely, recruit it into a DDoS attack or download additional malware.

To make things worse, Coidung comes bundled with a virus, Win32.Virtob. It is unknown whether the virus was planted inside the Coidung worm intentionally or if it happened to hitch-hike a ride somehow along the way. Either way, the Virtob virus is happy to do its own thing by infecting ASP, HTM and PHP scripts while it waits patiently for a command from its controller.

Users should avoid downloading any executable files shared via messenger programs or unsolicited emails to minimize the chances of Win32.Worm.Coidung.B - or any other malware - making its way onto their machine.

It’s recommended that you always keep your PC protected by running up-to-date antivirus software that offers real-time scanning and a personal firewall in addition to exercising caution when dealing with files downloaded from the internet.

Photo Credit: Kokotron


Thursday, November 10, 2011

Viruses, Trojans and Scareware – Oh My! The Differences Between the Computer Threats Roaming About

[Image: Viruses Chase Us All]

As a computer user, you’re bound to come across terms such as ‘malware’, ‘adware’, ‘spyware’, or ‘virus’ – among others.

After all, the internet is riddled with warnings about the latest Trojan horse stomping its way onto users’ PCs and bringing all of its malware buddies or that nasty worm causing billions of dollars in damage.

Beyond knowing that the computer threats running amok can be anything from extremely annoying to downright devastating to computer users, do you know the difference between them?

Let’s go down the list.

Malware


Malware is short for “malicious software” and is a blanket term used for any type of computer threat, whether it’s a virus, spyware, adware, scareware, or worm.

Malware is created with the intent of damaging, disrupting or stealing data from your computer.

Adware


Adware is a form of malware that serves up advertisements on the infected PC. Adware is commonly bundled up with free programs (like MSN Messenger), presumably to help keep them free as the authors of the program you’re downloading likely generate revenue through ad impressions or clicks.

Typically you can avoid having adware piggybacking on free applications you download by unchecking options within the installation dialogs, but you’ll also find some adware prefers to sneak in without permission.

Spyware


Read the first three letters of the name and you already know what it was built to do – “spy” on you and your computer activities.

Yes, spyware is planted on the machines of unsuspecting users to monitor your browsing and search history, reset your browser home page or in some cases plant a keylogger to steal sensitive information like your banking details and account passwords. No privacy for you!

Scareware


Scareware is malware that’s posing as a legitimate antivirus solution that claims your PC is infected with hundreds of viruses that can only be removed if you purchase a full license. Like the name suggests, scareware feeds off the fear of the infected user in order to generate revenue for its authors.

You may have heard of the rogue application “Security Sphere 2012”, which was recently reported to rake in over $1 million per month for the crooks behind it.

Trojan [Horse]


Trojan Horses pose as innocent programs that will do you no harm, only to later spring their trap to do all kinds of evil things like open up a backdoor to allow someone else to remotely control your PC or download additional malware to do even more damage.

Knowing that, I guess it’s not too difficult to figure out where Trojans got their name.

Virus


A computer virus is a self-replicating program designed to infect PCs and cause a world of trouble – from corrupting files and causing errors to flat out destroying hardware and rendering the PC inoperable.

Viruses commonly come attached to executable files (.exe) and require user-interaction (like running the program) in order for the virus to become active and spread.

Worms


Like viruses, worms are self-replicating programs created to wreak havoc on your computer. However, they do NOT have to attach themselves to a program and do not require any user-interaction in order to spread.

Worms use computer networks to spread from PC to PC, or even servers – oftentimes making their way into the machines by exploiting system vulnerabilities.

Well-known worms include Conficker, SQL Slammer and the ILOVEYOU worm.

Avoiding the Dangers


Now that you’ve brushed up on your computer threat terminology you may be tempted to shut off your PC and disconnect it from the internet, right? That won’t be necessary.

With the bad comes the good, which in this case is a list of steps that you can take in order to protect your PC from the latest malware threat:

  1. Always run up-to-date antivirus and anti-malware software on your machine and perform system scans often.

  2. Be sure to install any system and program updates to avoid malware from exploiting any system vulnerabilities that could’ve easily been patched with an update.

  3. Don’t open unexpected email attachments and be sure to scan any attachments you do decide to download BEFORE opening them.

  4. Exercise caution when following links to suspicious websites or content – especially if they’re found on social networking sites as they’re often a breeding ground for malware.

  5. Avoid using pirated software as evil doers have been known to lace them with malware.

  6. Make sure you back up your computer – and do it often! You just never know.



Did you know? Hyphenet offers virus removal services to help you get your PC back to normal. Give us a call at (619) 325-0990.

Photo Credit: Bruno Biagioni Neto

Wednesday, November 9, 2011

Giveaway on Facebook Offers Boots £50 Voucher & Malware

[Image: Boots UK Logo]

Facebook users should be on the lookout for another “free” offer that will not only promote spam, but infect your PC with a Trojan that will open a backdoor on your machine in order to download additional malicious content.

The spam message luring unsuspecting Facebook users into this dangerous malware-laden trap offers a £50 voucher for Boots, which is a popular healthcare and pharmaceutical chain in the UK:

Facebook Boots £50 Voucher Giveaway Spam
Boots £50 Voucher Giveaway
wwww.boots4.tk
As Christmas is approaching we are giving away 1250 vouchers to some lucky people, maybe you?

Please note that the cybercrooks behind this scam mean business and have set up over 15 domains that all lead to the very same trap. The URLs being used are:



Once you visit one of these URLs, you’ll be presented with the same cookie-cutter page asking you to share this special offer with all of your Facebook pals and give thanks to the crook that set up this scam.

Boots £50 Voucher Giveaway

It’s important that you do NOT share this scam or post a comment as you will be immediately redirected to another page that attempts to drop a dangerous payload on your machine.

ESET NOD32 Antivirus 4 identified the malicious content that will attempt to force its way onto your computer as the HTML/ScrInject.B.Gen virus, aka Adware.Windupdates to Norton antivirus users.

Once HTML/ScrInject.B.Gen (or Adware.Windupdates) makes its way onto your PC, it will open up a backdoor to download and install additional malware, spyware or any other dangerous content that will wreak havoc on your system.

What should I do if I’ve already clicked the Boots £50 Voucher Offer?


If you were duped into believing you could win a free £50 voucher for Boots, it’s highly recommended that you follow the steps below:

  1. Delete any Facebook Wall posts and private messages that advertise the Boots £50 Voucher offer. This will keep your friends and family members from being exposed to the scam and the malware it promotes.

  2. Verify that your antivirus software is up-to-date and do a full system scan to search for any viruses, malware, spyware, or any other malicious content that may have made its way onto your computer.

  3. Warn your friends and family members not to click any links related to the £50 Boots Voucher offer and instruct them to run a system scan on their computer if they have done so already.

  4. Avoid following links that offer free gift certificates and “crazy” videos on Facebook as they typically wind up to be nothing more than a survey scam or a way for crooks to spread malware and any other dangerous content they wish to spread.


You should always run a full antivirus suite on your PC that offers real-time scanning and a personal firewall. As you can see, failure to do so can easily result in your computer being infected.


Saturday, October 29, 2011

Researcher Exposes Vulnerability Allowing Users to Attach EXE Files to Facebook Messages

[Image: Facebook EXE Vulnerability Browser Post]

-- Update 11/1/11 --

It has been reported that Facebook has fixed this vulnerability.

-- End Update --

Nathan Power of SecurityPentest has discovered a way to bypass Facebook’s security check that prevents users from attaching executable files (exe) to Facebook messages.

Typically when you attempt to upload an exe file to a Facebook message, you will be greeted with an error saying, “Error Uploading: You cannot attach files of that type.”

However, after capturing the web browser’s POST request being sent to the server, Nathan found that you could bypass the security mechanisms in place simply by adding a space at the end of the filename.

Original:

filename="cmd.exe"

Updated:

filename="cmd.exe "
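A server-side upload check that holds up against the trailing-space variant described above, shown next to a plain string match. This is an added example, not Facebook's code or code from the original post; the blocked-extension list, function names and sample files are assumptions made for illustration.

```python
import unicodedata

# Extensions treated as executable in this sketch (assumed list, not Facebook's).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}


def naive_is_blocked(filename: str) -> bool:
    """Plain string match on the raw name: the kind of check a trailing space defeats."""
    return any(filename.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


def canonical_name(filename: str) -> str:
    """Reduce a client-supplied name to the form a Windows client would save it under."""
    # NFKC folds look-alike forms (no-break space, full-width letters) to plain ones.
    name = unicodedata.normalize("NFKC", filename)
    # Keep only the last path component; the client controls the whole string.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop control and invisible format characters (NUL, zero-width space, RTL override).
    name = "".join(ch for ch in name if unicodedata.category(ch) not in ("Cc", "Cf"))
    # Windows silently discards trailing spaces and dots when it creates the file.
    return name.rstrip(" .").lower()


def looks_like_pe(content: bytes) -> bool:
    """Name-independent check: DOS/PE executables begin with the bytes 'MZ'."""
    return content[:2] == b"MZ"


def hardened_is_blocked(filename: str, content: bytes) -> bool:
    """Block on the canonical extension OR on the content signature."""
    name = canonical_name(filename)
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return ext in BLOCKED_EXTENSIONS or looks_like_pe(content)


# Constructed sample uploads: (filename as sent in the POST, first bytes of the file).
PE_HEADER = b"MZ\x90\x00"
JPEG_HEADER = b"\xff\xd8\xff\xe0"
SAMPLES = [
    ("cmd.exe", PE_HEADER),     # caught by both checks
    ("cmd.exe ", PE_HEADER),    # trailing space: naive check misses it
    ("cmd.exe.", PE_HEADER),    # trailing dot: same effect on Windows
    ("photo.jpg", PE_HEADER),   # renamed executable: only the content check sees it
    ("photo.jpg", JPEG_HEADER),
    ("notes.txt", b"hello"),
]


def audit(samples=SAMPLES):
    """Return (filename, naive verdict, hardened verdict) for each sample."""
    return [(n, naive_is_blocked(n), hardened_is_blocked(n, c)) for n, c in samples]


if __name__ == "__main__":
    for name, naive, hardened in audit():
        print(f"{name!r:14} naive={naive!s:5} hardened={hardened}")
```

The content check covers only one file signature; it complements, rather than replaces, the AV scanning mentioned in Facebook's statement.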

Obviously this vulnerability is bad news since it will allow ill-willed Facebook users to send malicious files – such as malware, spyware, or even viruses – to unsuspecting Facebook users.

What makes matters worse is that you don’t have to be friends with a Facebook user in order to send them a message. That is, of course, unless that user has beefed up their Facebook account security to keep users not on their friends list from sending them messages.

On the plus side, an exe file attached to a Facebook message will not execute UNLESS the recipient decides to download the file. So, if someone sends you a message with an exe file attached, be sure that you don’t open it. ;)

This vulnerability was reported to Facebook at the end of September and they acknowledged its existence on Wednesday. Facebook’s Security Manager Ryan McGeehan issued the following statement in response:
This finding will only allow one user to send an obfuscated renamed file to another Facebook user. The proof of concept, as is, would not execute on a recipient’s machine without an additional layer of social engineering. Beyond that, we are not going to rely solely on string matching as a protective measure, since zip files and other things could also have unpredictable behaviors when sent as an attachment.

We are AV scanning everything that comes through as a secondary measure, so we have defense in depth for this sort of vector. This puts us at a similar level of protection as most webmail providers who deal with the similar risk, and this finding is a very small part of how we protect against this threat overall. At the end of the day, it is more practical for a bad guy to hide an .exe on a convincing landing page behind a URL shortener, which is something we’ve been dealing with for a while.

So there you have it, folks. Should someone decide to send you a malicious exe file via Facebook message, they can do so with relatively little effort.

It’s highly recommended that you update your Facebook security settings to prevent any unfriendlies from sending you dangerous files. You’ll find instructions on how to update these settings here.

Also feel free to check out Nathan Power's post outlining his discovery of the Facebook message EXE vulnerability.


Photo Credit: Nathan Power

Friday, October 14, 2011

Win32/Kryptik.TXT Trojan Spreading via Facebook Spam Links

Do you think twice before clicking a link on Facebook?

If you don’t, then maybe you should.

A nasty variant of the Win32/Kryptik.TXT Trojan is ripping through Facebook, pouncing on unsuspecting users as they click on links shared via Facebook Wall posts, discussion boards and chat sessions.

The Trojan is delivered via a drive-by download, giving the victim little-to-no time to react while it tests the effectiveness of the target computer’s antivirus software.

The Kryptik virus variant is being delivered by links that are disguised to point towards a .JPG file, although a closer look reveals that they’re going to an actual PHP page.

Below is a screenshot of dangerous links spreading the Kryptik Trojan on Facebook discussion boards [WARNING: DO NOT GO TO THESE URLS AS THE TROJAN IS ACTIVELY BEING SERVED!]:

Dangerous Facebook Discussion Board Links Pointing to the Kryptik Trojan Horse

Looking at the links above, you may think that the links merely point towards images, right? WRONG!

The danger is exposed in the first half of the URL: v9[dot]freepicshare[dot]com/r.php

The remaining portion is merely a fake parameter added to trick you into thinking you’re downloading a legitimate image file, when in reality you’re being served the Win32/Kryptik.TXT Trojan.
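The two link disguises described on this page, a URL that ends like an image but is served by a script (above) and link text that shows one site while the link goes to another (the fake LinkedIn notices), can be checked mechanically. This is an added example, not code from the original posts; the sample message, the example.test hosts and the extension lists are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath
import re

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".cgi", ".jsp"}
# A host shown in the visible link text, recognised by a scheme or a leading "www.".
HOST_IN_TEXT = re.compile(r"\b(?:https?://|(?=www\.))((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable(host: str) -> str:
    """Crude comparison key: last two labels (assumption: no public-suffix list at hand)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def disguised_as_image(url: str) -> bool:
    """True when the URL ends like an image but the path actually requested is a script."""
    parts = urlsplit(url if "://" in url else "//" + url)
    path_ext = posixpath.splitext(parts.path)[1].lower()
    # Extension a reader sees at the very end of the URL, query string included.
    tail_ext = posixpath.splitext(url.split("#")[0])[1].lower()
    return path_ext in SCRIPT_EXTS and tail_ext in IMAGE_EXTS


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def review_links(markup: str) -> list:
    """Return (href, reason) for each link whose appearance and destination disagree."""
    collector = AnchorCollector()
    collector.feed(markup)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append((href, "text shows %s, link goes to %s" % (shown.group(1), host)))
        if disguised_as_image(href):
            findings.append((href, "image-looking URL served by a script"))
    return findings


# Constructed sample message body; example.test hosts stand in for the spam hosts.
SAMPLE_MESSAGE = """
<p>You have a new message:
<a href="http://mail-notices.example.test/in.php?id=7">http://www.linkedin.com/e/inbox/</a></p>
<p><a href="http://www.linkedin.com/e/inbox/">http://www.linkedin.com/e/inbox/</a></p>
<p><a href="http://pics.example.test/r.php?img=IMG_0042.JPG">See photo</a></p>
"""

if __name__ == "__main__":
    for href, reason in review_links(SAMPLE_MESSAGE):
        print(href, "->", reason)
```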

If you visit the page, two dialogs will pop up:

Dialog Prompts Attempting to Download the Win32/Kryptik.TXT Trojan

If you’re running a good antivirus program that offers real-time scanning, the Trojan will be caught red-handed. Thankfully I’m running ESET NOD32 Antivirus, which is well-aware of this malicious Trojan horse and blocked it:

ESET NOD32 Antivirus Catches the Win32/Kryptik.TXT Trojan

Symptoms of a Win32/Kryptik.TXT infection


Should the Win32/Kryptik.TXT Trojan make its way onto your computer, it will do the following:

  • Embed its code into legitimate system files.

  • Download additional malware from a remote computer.

  • Serve pop-up advertisements on your computer screen.

  • Redirect your web browser to websites serving more malicious content.

  • Alter security settings to reflect minimum security protection in order to grant itself free rein over all files and folders.


As you can see, the Win32/Kryptik.TXT Trojan is quite the busy little bug once it infects a computer.

Removing it can be quite the chore, as you will likely need to do a system restore in addition to doing a full system scan with a good antivirus program.

Protecting Your PC from Win32/Kryptik.TXT Trojan & Other Malware


Here’s some advice on how you can avoid having your computer infected with malware:

  • Always run up-to-date antivirus software on your computer. There is a huge selection of antivirus programs for you to choose from – ESET, Symantec and Kaspersky are just a few companies that offer great antivirus applications.

  • Exercise caution when clicking on links. If you’re not sure about a link or suspect that it’s spam, DON’T click on it! This especially rings true for links shared on social networking websites like Facebook, Twitter, Google+ and even LinkedIn. Don’t be click-happy!

  • Always scan files downloaded from the internet. Make sure you use your antivirus software to scan files downloaded from the internet. It doesn’t matter if they’re Word docs, PDFs, images, videos, you name it – if you got it online, scan it.


Warn your friends about this Trojan spreading on Facebook and be careful when clicking links! If you see a link similar to the ones outlined in this post, mark it as spam and report it.


If you’re having trouble removing a Trojan horse, virus, or any other malicious programs from your computer, Hyphenet offers virus removal and protection services in San Diego County. Feel free to reach us by calling (619) 325-0990 or filling out our contact us form online.

Monday, October 10, 2011

Computer Virus Logging Pilot Keystrokes on U.S. Drones

[Image: Photo of U.S. Reaper Drone]

For nearly two weeks, the U.S. military has been struggling to completely eliminate any trace of a computer virus that somehow made its way into the software for the Predator & Reaper drones.

The virus, which was detected by the military’s Host-Based Security System, harbors a keylogger payload and has been capturing every keystroke pilots make as they remotely fly missions over warzones including Afghanistan.

So far, every effort to remove the computer virus has proved in vain. An anonymous source familiar with the drone virus infection was quoted in this WIRED report, saying:
“We keep wiping it off, and it keeps coming back. We think it’s benign. But we just don’t know.”

Scary, huh?

To make matters worse, it’s unclear just how far the computer virus has spread within the network, although it’s believed that both classified and unclassified machines at Creech Air Force Base in Nevada – where the drones are remotely controlled – have been compromised.

On the upside, there have not been any signs of classified information being sent to an outside source thus far.

The systems controlling the U.S. drones are said to be blocked off from the public internet, although that won’t stop a virus, malware or any other malicious content from making its way into the system via a USB drive. There’s a good chance that's how the computer virus floating around the Predator & Reaper drone cockpits got there in the first place, as crew members use USB drives to load map updates & move mission videos from PC to PC.

Hopefully the technicians at Creech can successfully rid their systems of the malware soon.

Until then, cross your fingers that the computer virus doesn't start publishing the information it's been logging.


Friday, October 7, 2011

Don't Click Links in Emails Claiming Steve Jobs is Still Alive

[Image: "Steve Jobs is Alive" Spam Message (Credit: M86 Security Labs)]

Scammers aren’t being shy about milking the news of Steve Jobs’ death as much as they can.

Now that the scam claiming Apple was giving out free iPads in Jobs’ memory has been blown out of the water, cybercrooks have switched gears from lying to get people to fill out surveys to sending out emails saying he’s alive in order to spread malware.

If you see an email pop up in your inbox with one of the following subject lines, don’t bother opening it:

  • Steve Jobs: Not Dead Yet!

  • Steve Jobs Alive!

  • Steve Jobs Not Dead!


In a blog post, Rodel Mendrez of M86 Security Labs states that the links included in the emails ultimately lead unsuspecting victims to a BlackHole exploit kit landing page, which will attempt to take advantage of any system vulnerabilities in order to download malicious content.

Oddly enough, no files were served to the test machine during M86 Security Labs’ analysis of the new scam, although there’s no telling when the scammers will start pumping malware through the site.

People who receive emails saying Steve Jobs is still alive are advised to delete the emails without opening them or clicking links inside.

Fake New York Uniform Traffic Ticket Emails Spread Malware

New York Uniform Traffic Ticket Scam Email

Did you receive an email from the New York State Department of Motor Vehicles claiming that you’ve been slapped with a uniform traffic ticket?

Don’t bother opening it.

In their latest scheme, internet scammers are spamming folks with emails titled “UNIFORM TRAFFIC TICKET” that demand the recipient open & complete the attached form and send it in.

Although the identification number in the subject line may change from time to time (my copy had “ID: 84” in the subject while the body had an ID of 445607), the ultimate goal remains the same: scare people into opening the attached file so that it infects their PC with malware.

The body of the email reads:
New York State — Department of Motor Vehicles
UNIFORM TRAFFIC TICKET (ID: 445607),

POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code 804

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 07/02/2011
IN VIOLATION OF NYS V AND T LAW

5 Description of Violation
SPEED OVER 55 ZONE

TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117

Attached is a file named “Uniform traffic ticket.zip”, which is supposedly the form you’re meant to download, complete and return to the enclosed address.

A more likely scenario is that the file is actually housing malware, previously identified as Mal/ChepVil-A (aka Trojan-Downloader.Win32.FraudLoad.zfji), that’s just itching to get on your computer to download more malicious files & go to town on your computer security.

The [real] New York State Police aren't turning a blind eye to this scam and have issued a warning for those who reside in the area to make sure they don’t fall for it. For the rest of us, I’m sure knowing that we weren’t in the NY area around the time the traffic ticket was “issued” is enough to avoid falling for it.

If not, then the broken English, tacky colors, odd sender address [infosogk@nypolce.com] & multiple recipients should definitely convince you.

UPDATE 10/13/11:

Since this was posted, I've received TWO more copies of this spam email in my inbox. Please do not open these emails as they contain malware.

Be sure to share this article with your family and friends to make sure they don't open the attached files.


Wednesday, September 28, 2011

New OS X Trojan Infecting Macs By Pretending to Be Adobe Flash Update

Screenshot of Flashback trojan installer. Credit: Intego

Mac users are having their sense of security shaken up once again with another Trojan targeting OS X caught roaming in the wild.

Discovered by Intego, the Trojan horse OSX/flashback.A is sneaking its way into the Mac system files party by masquerading as an Adobe Flash update.

Once OSX/flashback.A, also simply known as “Flashback”, makes its way onto your computer, it goes straight to work: deleting its installation package, opening up a backdoor, installing a dyld library to inject code into applications that are run & deactivating certain network security software.

During setup, Flashback checks whether a specific program called Little Snitch, which “tells” on programs that attempt to make outgoing internet connections, is installed so that it can deactivate it. It makes sense, considering the Flashback malware will eventually attempt to “phone home” in order to send sensitive data about the infected PC (like the computer’s MAC address) back to its authors.

Mac users can check to see if Flashback has infected their machine by checking for a specific file in their home folder: ~/Library/Preferences/Preferences.dylib

To avoid becoming a “Flashback” victim, users can take the following precautions:

  • Only download Adobe Flash updates from Adobe.com. Do NOT download Adobe Flash updates from any other site; otherwise you could potentially be putting your Mac’s security at risk.

  • Disable Safari’s auto-open option. Open your Safari browser, go to the General section of the browser preferences & uncheck the option to “Open safe files after downloading.”

  • Always run up-to-date antivirus & malware software. There are plenty of antivirus programs available for your Mac, including software from ESET, Kaspersky, Intego, & others. Be sure to keep your antivirus & malware software definitions current for the best protection possible.

  • Exercise caution when downloading files. Don’t be click happy and flip through security dialogs without paying them any mind. Always be conscious of what you’re downloading and opening from the internet.


Stay safe, my fellow Mac users!

Saturday, September 24, 2011

OSX/Revir.A Trojan Horse Targeting Mac OS X in Order to … Do Nothing?

Revir.A Trojan Horse Doesn't Do Much

With more and more users adopting Macs these days, cybercrooks may be growing tempted to switch from developing malware and other nasty bugs for Windows to creating them for Macs instead.

Unfortunately for the creator of the Revir.A trojan (but fortunately for Mac users), it seems like their efforts aren’t proving to be so fruitful.

Meet Trojan-Dropper:OSX/Revir.A


The Revir.A Trojan comes disguised as a PDF file, written in Chinese and covering the long-heated debate between China and Japan over who controls a group of islands in the East China Sea, known as the Diaoyu Islands in China and the Senkaku Islands in Japan.

As some of you may be well aware, spreading malware via malicious PDF files is nothing new and is a common technique used by Windows malware authors, so it’s no real surprise that it’s being used to deliver OS X malware as well.

Similar to Windows malware attacks, the PDF is merely to provide the bug easy entry into the PC (as nobody thinks PDFs harbor any threat to their computer's security!) and serve as a distraction for the user while the malware does its thing in the background, which in this case is installing a backdoor named OSX/Imuler.A.

Fortunately, it appears that the malware is incapable of communicating with any remote command-and-control servers (which would give cybercrooks remote control of your Mac), so the threat level is relatively low at this point.

Either way, if you get an email with a PDF attachment, don’t download it. There’s no telling when the malware author will wise up and release a fully-functional version.

As recommended to Windows users, you should always run antivirus software on your PC and proceed with caution when downloading files from the internet. While there may not be as many threats targeting Apple's OS as there are Windows, there are threats out there that are capable of destructive behavior. Better to be safe than sorry!

Photo Credit: Britrob
[Altered by Marquisa]

Friday, September 23, 2011

Internet Scammers Threaten to Sue YOU for Spamming

Phishing Email Threatens to Sue You for Spamming

In an ironic twist, cybercriminals are now sending their victims phishing emails with a subject line that reads, “We are going to sue you.”

Inside, the recipient of this phishing email will be accused of sending out spam themselves, which is supposedly the reason they are being contacted to begin with.

Of course no phishing email attack would be complete without an attachment, which in this case is a .ZIP file that claims to be evidence of the victim’s spamming practices.

According to the Websense Security Labs blog, the .ZIP file attachment actually harbors a nasty little Trojan virus (W32/Trojan3.CXG) that will copy itself to the computer’s system path so it will be executed every time you start your computer.

If that isn’t delightful enough, the Trojan can then connect to remote servers to download additional malicious files to wreak havoc on your PC.

To make things appear more legitimate (and scary to the end user), the scammers have taken to making the emails appear as if they’re coming from an established company, rather than from some random individual that may not follow up with their claim.

Rest assured that if you receive one of these emails, it is just a ploy to get you to download malicious content, and you can delete the email without stressing about being served with a lawsuit.

Other subject lines used in this latest social engineering trick include:

  • “You are sending ad messages”

  • "This is the final warning"

  • "We've sent you a copy of a complaint"

  • "A message from our security service"


As always, proceed with caution when downloading files attached to emails. Be sure that your PC has the best protection possible by always running up-to-date antivirus software that includes anti-spam features. Additionally, make sure that you scan all downloaded files before opening them.

Thursday, September 22, 2011

Cybercriminals Target Children via Online Games

Neopets.com Screenshot: Neopets was targeted by cybercriminals in 2009.

Parents, do you monitor your child’s computer use?

If not, you may want to start taking interest in what online games your kids are downloading and installing on your family PC. Otherwise, your sensitive information may be at risk.

Hackers and internet scammers alike realize the benefits of lacing online games with malware and viruses, leveraging a child’s lack of concern for computer security into a successful computer infection.

BitDefender recently reported that internet scammers had taken to releasing a variety of “spot the difference” games that ran malware in the background. While the child is enjoying the game itself, the malware attached to it goes to work: editing system files, hijacking your web browser’s start page & replacing all of your existing browser bookmarks with ones that link to additional malware.

This isn’t the first time hackers and internet scammers have used online games to target children either.

Sample "Magic Paintbrushes" used in the attack

In 2009, the extremely popular children’s website Neopets, which allows members to “adopt” and raise cyber-pets, fell under attack. Scammers sent and posted messages that routed unsuspecting players, who just wanted to use a “magic paintbrush” to change the color of their cyber-pets, to a spoofed website that contained malware.

It was only after the child downloaded the [malware] file that they would discover that it was all just a lie and they would never get a magic paintbrush, unaware that the intention was only to trick them into downloading a malicious program to collect sensitive data - like banking information - from their computer.

Protect Your Kids – and PC – from Internet Scammers



Parents can minimize the likelihood of their computer being infected or their child being exposed to dangerous content online by taking the following precautions:

  1. Always Run Up-to-Date Antivirus Software
    Get good antivirus software and set it to update automatically to make sure you have the most recent virus definitions & the best protection possible. All files downloaded online should be scanned BEFORE opening (most antiviruses scan downloaded files by default).

  2. Create a User Profile with Limited Privileges for Your Child
    Create a user profile on your computer that prevents your child from being able to install programs and edit system files. Also, don’t let your child use the computer when it’s logged into an administrator account.

  3. Take Advantage of Parent Controls
    Parent Controls allow you to set time limits on your child’s computer use (so they don’t waste the entire day online), prevent your child from running specific programs, or even block games based on their rating, content, and age. Windows 7 offers some nice features right out of the box, so be sure to check them out.


While the internet can be a dangerous place for kids, it can also be a good source of education and entertainment if the right precautions are in place.

Do you monitor your child’s computer use?

Wednesday, September 21, 2011

NACHA Phishing Emails Still Making Rounds

NACHA Phishing Email Received 9/20/11

Despite the National Automated Clearing House Association (NACHA) making it publicly known that they do not communicate with individuals or companies regarding ACH transactions, let alone process them, internet scammers are still using NACHA’s name to trick unsuspecting users into downloading malicious content.

Phishing emails pretending to be coming from NACHA feature headlines similar to:

  • “ACH transfer cancelled 2611403”

  • “ACH report 772281382”


Inside the phishing emails, there will be a message stating that a recent ACH transaction has been cancelled along with an attachment that’s likely hiding a Trojan (like Zeus) or virus.

Here’s a sample NACHA phishing email:
ACH Payment Canceled

The ACH transaction (ID: 2611403), recently initiated from your checking account (by you or any other person), was canceled by the other financial institution.
Rejected transaction
Transaction ID: 2611403
Reason for rejection: See details in the attachment
Transaction Report: report_092011-78.pdf.exe (self-extracting archive, Adobe PDF)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703)561-1100 2011 NACHA - The Electronic Payment Association

As you can tell from the screenshots above, a few obvious red flags are raised upon inspecting these emails:

  • They’re coming from the email addresses cPta2D8A3y[at]gmail.com & yyzYXASo35[at]gmail.com, which are obviously not NACHA email addresses.

  • There are multiple recipients, which is odd for an email pretending to have sensitive information. Why would all of these people be attached to an email supposedly related to an ACH payment that I made?


Downloading the attached file can prove disastrous, since there’s a good chance it will contain a Zbot (also known as Zeus), which will install a keylogger to capture banking information typed on your computer.

Protect your computer by running antivirus software and making sure it’s set to update automatically. Proceed with caution when downloading files sent via email and be sure to scan any downloaded file with your antivirus software.
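The red flags called out in this post and in the traffic ticket post above (a sender address outside the claimed organization's domain, multiple recipients, and a disguised attachment) can be checked mechanically on a raw message. The following is an added example, not code from the original posts; the function names, the recipient addresses and the expected sender domains nacha.org and dmv.ny.gov are assumptions.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat"}  # runs when double-clicked
DECOY = {".pdf", ".doc", ".jpg", ".txt"}             # harmless-looking inner extension
ARCHIVE = {".zip"}                                   # hides the real file type

def build_sample(sender, recipients, subject, attachment):
    """Build a constructed message; the attachment body is a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, ", ".join(recipients), subject
    m.set_content("See details in the attachment")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment)
    return m.as_string()

def red_flags(raw, expected_domain):
    """Return the red flags described in the posts for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    addrs = getaddresses([str(msg.get("From", ""))])
    domain = addrs[0][1].lower().rpartition("@")[2] if addrs else ""
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.append("sender-domain:" + domain)
    to_cc = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    count = len(getaddresses(to_cc))
    if count > 1:
        flags.append("recipients:%d" % count)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, ext = os.path.splitext(name)
        if ext in RUNNABLE and os.path.splitext(stem)[1] in DECOY:
            flags.append("double-extension:" + name)   # e.g. something.pdf.exe
        elif ext in RUNNABLE:
            flags.append("executable:" + name)
        elif ext in ARCHIVE:
            flags.append("archive:" + name)
    return flags

# Constructed samples: sender addresses and attachment names are the ones quoted
# in the posts; the recipients and the ticket subject format are made up.
RCPTS = ["a@example.com", "b@example.com", "c@example.com"]
NACHA = build_sample("cPta2D8A3y@gmail.com", RCPTS,
                     "ACH transfer cancelled 2611403", "report_092011-78.pdf.exe")
TICKET = build_sample("infosogk@nypolce.com", RCPTS,
                      "UNIFORM TRAFFIC TICKET (ID: 84)", "Uniform traffic ticket.zip")

if __name__ == "__main__":
    # The expected domains are assumptions about the genuine senders.
    print(red_flags(NACHA, "nacha.org"))
    print(red_flags(TICKET, "dmv.ny.gov"))
```

A message that raises none of these flags is not thereby safe; the checks only cover the indicators these two posts describe.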

If you suspect your computer has been infected with a Trojan, spyware, malware, or a virus, Hyphenet offers virus removal services to rid your PC of dangerous infections. To learn more about Hyphenet’s PC repair services, call 619-325-0990 or contact us online.