
Wednesday, August 14, 2013

Microsoft Windows 8.1 is Arriving!



Microsoft revealed that Windows 8.1 will be released on October 18, 2013.  Windows 8.1 will be released at 12 a.m. in New Zealand to begin its global rollout.  Boxed discs, new hardware, and everything you need will be in stores by the 18th.  Windows 8 users will be able to download and install the 8.1 version for free via the Microsoft Windows Store.
With all the traffic Microsoft will be getting, they are going to increase their rates on the new PCs and tablets.  Microsoft’s Windows 8.1 has been available to preview since June.  The new version of Windows offers a Start button, but not a Start menu.  The button returns you to the Start screen with a click (buttons are more fun than menus anyway, right?).  If you would rather get down to business and bypass the Start screen entirely, there is a Boot to Desktop option.

Start ’em up

For users who want to use the Start screen, there is a fun and easy way to customize and personalize the menu.  Special features like the All Apps screen and the Search tools have been enhanced, and many other built-in apps have improved as well.
The new Windows 8.1 is designed for both PCs and touch-screen devices.  The new modern look of the UI may not be everyone’s favorite, though; its dueling Modern and desktop approach has been hit-or-miss.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Wednesday, June 12, 2013

Malware on the Rise

Microsoft is clearly the industry leader in terms of operating systems and still has a firm hold on that position. In recent times, the company has had a quiet period in terms of security risks, especially after the introduction of Windows 8. However, a new type of malware is being distributed for the Windows OS through German spam; it affects the boot record of the infected computer and can also give the hacker control of the infected machine.

Distributed Via Attachment

Trend Micro was the company responsible for detecting this new malware. The researchers who analyzed it said that it arrives attached to German spam mail and is code-named BKDR_MATSNU.MCB. The mail claims that the recipient has to pay some money to the sender, and that all the relevant details are attached. Trend Micro researchers said this method is very effective at persuading recipients to open the attachment.



Ransomware Reaction

Once the malware is downloaded and installed on the victim’s computer, data is collected and sent to the hacker who planted it. The malware is then capable of erasing the boot record on the drive, erasing data, and locking the screen of the computer. The victim is asked to pay a certain sum of money to have the screen unlocked, the classic ransomware approach.


Wednesday, May 29, 2013

Most Mobile Malware Targets Android Devices

According to the NQ report, one type of malware is delivered through app repackaging in which a user downloads a mobile application that looks legitimate but is actually a harmful program.

Malware can also be downloaded through fake websites when a user clicks on a URL that appears authentic but is not.

Mobile users can also be duped through so-called "smishing" -- a combination of the words SMS and phishing -- where a user receives a text message asking for personal information like a credit card number, e-mail address or social security number.

Android's malware not limited to bad apps



Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat “could be a game changer.”

Users on any mobile platform, including iOS, can be targeted with spam that directs them to malware websites. However, while previous exploits have been demonstrated to allow a visited website to crack the security on iOS to "jailbreak" the device, Apple has been vigilant about patching these flaws and distributing iOS updates that scuttle the profitability of discovered threats, effectively frustrating the malware business on iOS.



Here’s Symantec’s breakdown of the types of mobile threat it identified last year, with information theft being the most common threat. Add in user tracking and more than fifty per cent of the mobile malware identified was trying to steal user info or track their movements:

[Chart: Mobile Threats]


Thursday, May 23, 2013

Microsoft Issues Worldwide Virus Alert

Talk of computer viruses, and their footprint in the online world, had declined significantly over the last year. Hackers and online miscreants had moved on to other methods of attacking computers, as viruses were considered too weak. But Microsoft recently announced that the trend is set to change in the coming days. A security expert from the IT giant said that hackers were reverting to the use of viruses and coming up with innovative attack vectors. He said that this year the world will witness a significant increase in the use of viruses to attack computers (both personal and corporate).

Low Broadband Penetration Rate

Tim Rains, the security expert who announced the news, said that Microsoft had been monitoring virus trends on the World Wide Web and noticed a spike in the volume of viruses for the first time. He said that a low broadband penetration rate has increased the chances of a computer getting infected with malicious software, including Trojans and worms. He said that hackers are exploiting this trend and are using viruses more actively to infect broadband-connected computers (which is almost every internet-enabled computer today). Microsoft also added that it had traced infections to countries as far away as Egypt, Pakistan, and Bangladesh.

Viruses Are Easy to Eliminate

Rains said that even today viruses are very easy to remove, as their signatures can be easily detected and tracked. He said that users are expected to keep their anti-virus software updated, which will significantly reduce the chances of being attacked by a virus.

[via NBC News ]

Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.


Tuesday, April 2, 2013

Malware Steals Credit Card Data from POS Systems & ATMs

Several hundred POS terminals and ATMs in the United States have been infected by malware designed to steal debit and credit card data, according to security firm Group-IB.

The malware, named “Dump Memory Grabber” is written in C++ without the use of any additional libraries and is capable of collecting Track 1 and Track 2 card data (full name, account number, expiration date, etc.) from infected systems – providing fraudsters all the information they need to create physical card clones.

Upon infection, Dump Memory Grabber modifies the system registry to ensure it runs whenever the affected machine boots, lists all running processes and proceeds to search memory for sensitive payment information. The stolen data is then uploaded via FTP to a remote server believed to be controlled by Russian cybercriminals affiliated with a “big cyber-crime gang.”

The malware is said to have siphoned data associated with debit and credit cards issued by major U.S. banks like Chase, Capital One, Citibank and Union Bank of California.

Group-IB told Security Week that it appears most of the POS terminals and ATMs were infected with the help of insiders, such as employees with physical access to the machines or authorization to update system software.  Only a handful of systems running Windows XP or Windows Embedded appeared to be compromised remotely.  In some cases, attackers were also able to exploit vulnerabilities in the banks’ networks to plant the malware.

Group-IB has shared its findings on Dump Memory Grabber with VISA, the affected banks and law enforcement.

[via Security Week]


Friday, March 29, 2013

Buy of the Week: Dell Latitude 10 Tablet for $578

The Latitude 10 is the tablet that's built for business, with easy management and security, and a swappable battery for go-anywhere productivity.

Until April 5th, 2013, you can order a Dell Latitude 10 Tablet from Hyphenet for only $578 + shipping!

Specifications for Dell Latitude 10 Tablet

MFR#: 469-3998
Product Type: Tablet
Display: 10.1" IPS TFT WLED 1366 x 768 (Multi-Touch)
Processor: 1.8GHz Intel Atom Z2760 (Dual-Core)
Storage: 64 GB
RAM: 2 GB
Supported Flash Memory Cards: SD Memory Card
Wireless Connectivity: Yes
Camera: 8 Megapixel rear, 2 Megapixel front
Features: USB host, HDMI Port
Dimensions (WxDxH): 10.8" x 7" x 0.4"
Weight: 22.9 oz
Operating System: Windows 8 Pro 32-bit Edition
Warranty: 1-year Dell Warranty

Call (619) 325-0990 to order a Dell Latitude 10 Tablet today!


Buy of the Week offer valid through April 5th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Trojan Poses as Flash Player 11 Update, Changes Browser Home Page

Be sure to refer to Adobe’s official website if you’re looking to update Flash Player to the latest version.

There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.

Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:

[Image: Fake Flash Player 11 installer]


While it's not entirely clear why two languages are used (Turkish/English), displaying the agreement without a scrollbar makes sense, since there's a disclaimer at the bottom stating that your browser home page will be changed to one of the following upon installation:

  • www.anasayfada.net

  • www.heydex.com


“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing,” Jonathan San Jose wrote on Microsoft’s TechNet Blog.

Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.

Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.

  • Only download Flash Updates from adobe.com, and not some random website.

  • Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).


Is Your Computer Infected?


To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:

  • Microsoft 

  • McAfee

  • AVG

  • Ikarus


Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.


Thursday, March 28, 2013

Malware Uses Evernote as Command & Control Server

TrendMicro researchers have recently stumbled upon a piece of malware that uses the popular note-taking service Evernote as its command and control server.

The malware, which TrendMicro detects as BKDR_VERNOT.A is classified as a backdoor, and grants an attacker remote access to an infected system to do as they please.

“The sample we gathered consists of an executable file, which drops a .DLL file and injects it into a legitimate process,” Threat Response Engineer Nikko Tamana explained on the TrendMicro blog. “The said .DLL file performs the actual backdoor routines.”

Aside from downloading and executing additional files, those backdoor routines include collecting information about the infected system, such as the OS, timezone, user name, computer name, registered owner and organization.

TrendMicro researchers found that commands were retrieved from notes saved in an Evernote account, which is also suspected to be the location where the stolen data is uploaded.

This is not the first time that malware authors have abused a legitimate service to relay information and evade detection. Twitter and Google Docs are two other services that have been used by malware in the past.

Keeping Your System Safe


BKDR_VERNOT.A is spread via drive-by-download and other malware, so users can minimize their chances of infection by:

  • Keeping their operating system and installed third-party software fully patched and up-to-date.

  • Running antivirus software with the latest virus definitions.

  • Exercising caution when following suspicious hyperlinks (even if they appear to be harmless image links).

  • Scanning email file attachments before downloading and/or opening them.



Thursday, March 21, 2013

Yontoo Trojan Installs Adware Browser Plugins to Inject Ads in Webpages

Russian antivirus vendor Dr. Web is warning OS X users about a new Trojan, detected as Trojan.Yontoo.1 (“Yontoo”), that installs adware browser plugins on whatever computer it manages to infect.

Users are often duped into downloading Yontoo after landing on a movie trailer page that prompts them to download and install a “missing” browser plugin, media player, video quality enhancement program or download accelerator.

When launched, Yontoo will display a dialog window to the victim asking them to install a program called “Free Twit Tube”:

[Image: Yontoo prompts the user to install Free Twit Tube]

However, Yontoo proceeds to download and install adware plugins for Safari, Chrome and Firefox instead.  As users surf the web, the plugins relay browsing data to a remote server, which then returns a file that enables the Trojan to inject ads (via third-party code) into webpages loaded in the affected browser.

So, for example, when a user visits apple.com on an infected machine, they may see something like this:

[Image: Yontoo Trojan injects ads into websites, like Apple.com]

While Dr. Web’s write-up focuses on the attack targeting OS X users, it is important to note that Windows users are also subject to Yontoo infections, although Symantec classifies Yontoo as a “potentially unwanted app” vs. Trojan (an app that claims to be one thing when it’s another).

Either way, the ol’ “missing plugin” bit is rather old, so don’t fall for it. Be careful what you install on your computer, and always read the installation dialogs.

Removing Yontoo from Your PC


If you’ve already been tagged by the Yontoo Trojan, you can perform a full system scan using one of the following antivirus programs to remove the infection:


Monday, March 18, 2013

Experian Spam Used to Spread Data-Stealing Trojan

Don’t open any files attached to emails purporting to be from Experian, claiming that a “key change” has been posted to “one of your three national credit reports.”

Spammers are pumping out Experian phishing emails in an attempt to infect as many computers as possible with malware.

Below is a copy of the email to watch out for:
From: Experian
Subject: IMPORTANT – A Key Change Has Been Posted

Experian

Membership ID #932823422

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian, Equifax, and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:

  • View detailed report by opening the attachment.

  • You will be prompted to open (view) the file or save (download) it to your computer.

  • For best results, save the file first, then open it in a Web browser.

  • Contact our Customer Care Center with any additional questions.


Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

© 2013 Consumerinfo.com, Inc.

The danger of this email lies within the attached file, Credit_Report_XXXXXXXXX.zip, which contains an .exe file with the same name and a misleading PDF icon. A VirusTotal scan of the .exe reveals that it is actually PWS:Win32/Fareit, and not a credit report as the email suggests (big surprise there).
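As an added example (not from the original post, Experian or any vendor), the Python check below shows how a mail gateway can catch the attachment pattern described above: an executable inside a ZIP whose name suggests a credit report. The archive and member names are constructed samples, and the .exe member is only a stub that begins with the PE magic bytes.

```python
"""Attachment triage: flag executables hiding inside a ZIP attachment.

Added example. The sample archives below are constructed here, not captured
from the campaign; the member names are placeholders shaped like the lure."""
import io
import zipfile

# Extensions Windows will run directly, whatever icon the file displays.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document extensions; a name like report.pdf.exe is a classic double-extension lure.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
MZ_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def extensions_of(name):
    """Return the lowercase extensions of a file name, last extension first."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return ["." + p for p in reversed(parts[1:])]


def inspect_zip_attachment(zip_bytes):
    """Return a list of (member_name, reason) findings for a ZIP attachment.

    Reasons:
      executable-extension   member name ends in a directly executable type
      double-extension       document-looking name with an executable suffix
      pe-header              content starts with 'MZ' whatever the name says
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = extensions_of(info.filename)
            if exts and exts[0] in EXECUTABLE_EXTENSIONS:
                findings.append((info.filename, "executable-extension"))
                if len(exts) > 1 and exts[1] in DOCUMENT_EXTENSIONS:
                    findings.append((info.filename, "double-extension"))
            # Look at the content too: the extension alone is not trustworthy.
            with zf.open(info) as member:
                if member.read(2) == MZ_MAGIC:
                    findings.append((info.filename, "pe-header"))
    return findings


def should_quarantine(zip_bytes):
    """Gateway decision: any finding means the attachment is held for review."""
    return bool(inspect_zip_attachment(zip_bytes))


def build_zip(members):
    """Construct an in-memory ZIP from {name: bytes}; used for sample inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_lure():
    """Constructed archive shaped like the Experian attachment: a .exe with
    the same base name as the ZIP. The PDF icon of the real sample is a
    resource inside the binary; this stub only carries the 'MZ' header."""
    return build_zip({"Credit_Report_XXXXXXXXX.exe": b"MZ" + b"\x00" * 62 + b"stub"})


def build_benign_sample():
    """Constructed archive holding a genuine-looking PDF, which should pass."""
    return build_zip({"Credit_Report_XXXXXXXXX.pdf": b"%PDF-1.4\n%stub\n"})


if __name__ == "__main__":
    for label, sample in (("lure", build_sample_lure()), ("benign", build_benign_sample())):
        verdict = "quarantine" if should_quarantine(sample) else "deliver"
        print(label, verdict, inspect_zip_attachment(sample))
```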

Did You Receive This Email?


If this email lands in your inbox, be sure that you:

  • Do not download or open any attached files.

  • Report the email to SpamCop.

  • Delete the email immediately.


Did You Already Open the Attached File?


According to Virus Total, 29/46 antivirus programs are capable of detecting the threat associated with this spam campaign, so double-check the VT results and make sure your antivirus can catch it.  Then, do a full system scan and remove any detected threats.

[via DataProtectionCenter.com]


Thursday, March 14, 2013

AVG Mistakenly Flags Windows System File as Trojan

AVG antivirus software caused a bit of a ruckus for Windows XP users on Thursday morning after incorrectly flagging the Windows system file wintrust.dll as a Trojan, “Generic32.FJU.”

Users that followed the software’s instructions to remove the file and reboot the system would have their machines caught in a never-ending restart cycle.

At that point, users would have to use a Rescue CD to boot the affected system and copy the wintrust.dll file (from another PC) back into the Windows System32 folder in order to return things to normal.

Thankfully AVG released a virus update to correct the problem shortly before 1pm, pushing out virus database 567 for AVG version 9.0 and 2012, and virus database #6174 for AVG 2013.

It is unclear how many users were affected by the false positive.

[via H Security]


BBB “Your Accreditation Terminated” Spam Spreads Cridex Worm

Spammers are exploiting the Better Business Bureau brand in a new spam campaign focused on infecting computers with the Cridex worm.

The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. ("Beaureau"? Really?)

Below are two variants that are currently circulating:
Your Accreditation Terminated

The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.

We kindly ask you to visit the SUSPENSION REPORT to respond on this claim

We are looking forward to your prompt response.

If you think you got this email by mistake – please forward this message to your principal or accountant

Faithfully yours

Dispute Consultant
Better Business Bureau

 
Dear Owner:

Your accreditation with [COMPANY] was Terminated

A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.

We pleasantly ask you to overview the ABORT REPORT to reply on this situation.

If you think you received this email by mistake – please forward this message to your principal or accountant

We are looking forward to your prompt reaction.

Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.

Sincerely,
– Online Communication Specialist
bbb.org – Start With Trust

Users who make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.

Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.

Keep Your PC Safe!


Given that this threat requires user-interaction, avoiding it should be relatively simple.

  • Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.

  • Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).

  • Always keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning and keep the virus definitions current.


Too Late?


Did you already click the link in an email similar to the ones above?

Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!

[via Webroot]


Friday, March 1, 2013

Disable Java Browser Plugin, New 0-Day Vulnerability Under Attack

It’s starting to feel as if another day means another Java exploit will be found.

FireEye researchers are sounding the alarm after detecting a new Java zero-day vulnerability (CVE-2013-1493) that cybercriminals are actively exploiting in-the-wild.

The security flaw, which FireEye says was used to “attack multiple customers,” can be successfully exploited in browsers with Java 6 Update 41 and Java 7 Update 15 plugins installed.

FireEye researchers offered insight as to how the exploit works:
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process.

After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable (disguised as a file called svchost.jpg) from same server hosting the JAR file and then execute it.

One relatively good thing to note is that FireEye researchers did say that the exploit is not very reliable given the fact that it tries to overwrite a big chunk of memory, and although the payload is downloaded, it fails to execute and the JVM crashes.

In the event that the attack goes smoothly, McRAT malware (detected by Microsoft as Backdoor:Win32/Mdmbot.F) will be planted on the compromised system.

Keeping Your System Safe


FireEye notified Oracle of this new vulnerability, but advises customers to take one of the following courses of action until a patch is released:

  • Disable the Java plugin in your web browsers, or;

  • Set Java security settings to “High” and do not execute any untrusted Java applets.


Aside from that, it is also recommended that users always run antivirus software on their computers and keep the virus definitions current given that 27/46 antivirus programs are capable of detecting the threat associated with this attack.


Thursday, February 21, 2013

NBC Website Hacked & Dishing Out Malware to Visitors

Update: NBC Website Safe to Visit Again, Said to Have Been Infected for 24hrs

Scan your computer if you went to NBC.com today, and be sure to avoid the NBC website until the coast is clear.

Hackers managed to inject malicious iframes into the NBC website, exposing visitors to third-party websites hosting Java and PDF exploits that drop malware if successfully executed.

The exploits are actively being served and cybercriminals have been continuously swapping out the malicious URLs, according to Hitman Pro blog.

Hitman Pro identified the malware being dropped as Citadel (which is a version of Zeus) & ZeroAccess, both of which have fairly low detection rates. Here are the MD5 hashes & VirusTotal results for the samples collected:

Since NBC.com has been hacked and is actively serving exploits, users are strongly advised to avoid visiting the website.

Pass the word to your family & friends!



Wednesday, February 20, 2013

Adobe Patches 0-Day Flaws in PDF Reader & Acrobat

Adobe has released an emergency patch to fix two critical vulnerabilities in Adobe Reader & Acrobat 9.5.3, X and XI that cybercriminals are actively exploiting in targeted attacks.

The vulnerabilities in question, CVE-2013-0640 and CVE-2013-0641, are the same ones that FireEye researchers spotted early last week.

Users are advised to update Adobe Reader and Acrobat as soon as possible due to the ongoing attacks. The exploit discovered by FireEye is the first to bypass the built-in sandbox security feature in Reader and Acrobat.

How to Update Adobe Reader


To update Adobe Reader, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:



How to Update Adobe Acrobat


To update Adobe Acrobat, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:

    • Windows (Acrobat Standard, Pro & Pro Extended Users)

    • Mac OS X (Acrobat Pro)





Friday, February 8, 2013

Adobe Updates Flash Player to Fix Vulnerabilities Used in Ongoing Attacks

It’s time to update Adobe Flash Player!

Adobe released an emergency patch for Adobe Flash Player to address two vulnerabilities (CVE-2013-0633 & CVE-2013-0634) that are actively being exploited by cybercriminals to spread malware.

Attacks using the CVE-2013-0633 vulnerability involve tricking Windows users into opening a booby-trapped Word document (.doc) containing malicious Flash (SWF) content. The malicious Word documents arrive as an email attachment.

The second vulnerability, CVE-2013-0634, is being exploited in drive-by-download attacks using malicious Flash content and poses a threat to both Windows & Mac OS X users.

Adobe recommends that Linux and Android users update their software even though Windows & OS X are the only ones that appear to be targeted in the ongoing attacks.

Affected Flash Player versions, according to Adobe’s security advisory:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh

  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux

  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x

  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x


Not Sure What Version of Flash Player You Have?


Users that are unsure of what version they’re running can find out by:

  • Visiting the About Flash Player page on Adobe’s website.

  • Right-clicking on content running in Flash Player and selecting “About Adobe (or Macromedia) Flash Player” from the menu.


Be sure to check the version in each web browser installed on your system; just remember that Google Chrome & IE10 will be updated automatically!

How to Update Adobe Flash Player


To update their installation of Adobe Flash Player, users can:


Tuesday, February 5, 2013

Tax Spam Aims to Trick Users Into Downloading Backdoor Trojan

It’s tax season again and that means spammers will be pumping out malicious phishing emails in hopes of catching recipients off-guard.

Sophos has already intercepted one of the tax-related spam emails going around, and is warning users not to open the files attached to it:
Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

The name of the zip archive attached to the email will vary from email to email, as it is named after the recipient (e.g. the file will be named “sally.zip” if your email is sally@email.com). However, each archive contains a dangerous executable, "Individual Income Tax Returns.exe", that Sophos identifies as Troj/Agent-ZWM, a backdoor Trojan that will grant an attacker remote control of your system.
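As an added example (not part of the original post or of Sophos’ analysis), here is a small Python check for the attachment pattern described above: a zip archive named after the recipient that carries a Windows executable. The message it inspects is constructed to mirror the sample; the sender address and the archive’s contents are placeholders.

```python
"""Flag attachments matching the tax-spam pattern described above: a zip
archive named after the recipient that carries a Windows executable.
Added example; the sample message is constructed here, not a real capture."""
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# File types Windows runs directly when double-clicked (constructed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def archive_findings(msg):
    """Return (attachment_name, reason) pairs for suspicious zip attachments."""
    findings = []
    recipient_local = str(msg.get("To", "")).split("@", 1)[0].strip().lower()
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if name[:-4].lower() == recipient_local:
            findings.append((name, "archive named after recipient"))
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTENSIONS:
                        findings.append((name, f"contains executable: {member}"))
        except zipfile.BadZipFile:
            findings.append((name, "attachment is not a valid zip archive"))
    return findings


def build_sample_message():
    """Constructed message mirroring the Sophos sample (placeholder content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Individual Income Tax Returns.exe", b"placeholder, not a real binary")
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "accountant@example.com"
    msg["To"] = "sally@email.com"
    msg["Subject"] = "FW: 2010 and 2011 Tax Documents; Accountant's Letter"
    msg.set_content("I forward this file to you for review. Please open and view it.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sally.zip")
    return msg


if __name__ == "__main__":
    for attachment, reason in archive_findings(build_sample_message()):
        print(f"{attachment}: {reason}")
```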

What to Do If You Receive This Spam Email


If this email happens to drop in your inbox, it is recommended that you:

  • Avoid downloading or opening the attached file.

  • Report the email to SpamCop.

  • Delete the email immediately.


[via Sophos]


Thursday, January 24, 2013

Malware Abuses Skype Chat to Spread Once More

Skype users should exercise caution when clicking links shared via chat as there has been an influx in malware using Skype in order to propagate.

Shylock Trojan


CSIS first warned of a new variant of the Shylock Trojan using Skype to spread thanks to its creators updating it with a plugin named “msg.gsm.”

Shylock typically spreads via drive-by-downloads, phishing emails, and removable drives attached to infected systems, but the new addition provided another infection method as it gave the Trojan the ability to abuse Skype’s chat feature to send messages containing links to malicious websites serving the malware.

Other functionality granted by msg.gsm includes sending IMs and transferring files, clearing chat and file transfer history, bypassing Skype’s connection warning/restrictions, and sending requests to a remote server.

That’s only a fragment of what Shylock is capable of, though. Shylock can allow an attacker to perform a number of activities on an infected system, like injecting malicious code into web pages, stealing cookies, downloading and executing files, and more.

Thankfully, Microsoft has stated that they have managed to completely block Shylock (Microsoft detects it as Backdoor:Win32/Capchaw.N) on Skype, but the company still encourages users to avoid opening links from untrusted sources or visiting untrusted websites.

For those of you who may be concerned that you got hit with the threat prior to it being blocked, Microsoft suggests you watch out for the following symptoms:

  • The presence of messages or files in your Skype conversation history that you do not recall writing or transferring

  • Your Skype conversation history is empty

  • You do not receive alerts or warnings from Skype, where previously you did so


Shylock is known for its advanced detection evasion techniques, so do what you can to prevent an infection (tips below).

Phorpiex Worm


Even if you do manage to avoid Shylock, you still have to worry about WORM_PHORPIEX.JZ, which TrendMicro says is also abusing Skype chat to spread.

Upon infection, Phorpiex will:

  • Modify the system registry to bypass any firewalls and to start whenever Windows does

  • Open a backdoor by connecting to a specific IRC chat server and joining the channel #go

  • Send emails with malicious attachments containing a copy of itself

  • Spread to accessible removable drives

  • Download additional malware, including a plugin appropriately named WORM_PESKY.A (“Pesky”) that will send out Skype messages reading:
LOL http://www.[REMOVED]x.uk.com/images/php?id=IMG0540250.JPG

Those of you who have read our guide on how to spot a dangerous image link will be able to tell that this link is not what it seems.
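As an added example (not part of the original post), the following Python heuristics capture why a link like the one above is not what it seems: the path ends in a script name rather than an image file, and the image name lives only in the query string. The sample URL is constructed, since the real host was redacted as [REMOVED].

```python
"""Heuristics for the 'image link that is not an image' pattern in the Skype
message above. Added example, not part of the original post; the sample URL
is constructed because the real host was redacted as [REMOVED]."""
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
SCRIPT_EXTENSIONS = {".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}
SCRIPT_NAMES = {ext.lstrip(".") for ext in SCRIPT_EXTENSIONS}  # e.g. "/images/php"


def extract_links(message):
    """Pull http(s) URLs out of a chat message."""
    return re.findall(r"https?://[^\s<>\"']+", message)


def image_link_warnings(url):
    """Return reasons why a link dressed up as an image is probably not one."""
    parts = urlsplit(url.strip())
    path_ext = posixpath.splitext(parts.path)[1].lower()
    last_segment = posixpath.basename(parts.path).lower()
    query_values = [value for _, value in parse_qsl(parts.query, keep_blank_values=True)]
    reasons = []
    if path_ext in SCRIPT_EXTENSIONS:
        reasons.append("path is a server-side script, not an image file")
    elif path_ext == "" and last_segment in SCRIPT_NAMES:
        reasons.append("path ends in a script name without extension")
    image_in_query = any(posixpath.splitext(v)[1].lower() in IMAGE_EXTENSIONS
                         for v in query_values)
    if image_in_query and path_ext not in IMAGE_EXTENSIONS:
        reasons.append("image file name appears only in the query string")
    return reasons


if __name__ == "__main__":
    # Constructed stand-in for the redacted link quoted in the post.
    sample = "LOL http://www.example-x.uk.com/images/php?id=IMG0540250.JPG"
    for link in extract_links(sample):
        print(link, "->", image_link_warnings(link) or ["no warnings"])
```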

Pesky doesn't do much else beyond spam people with malicious chat messages; Phorpiex is the main threat here.

Protecting Your PC


So, now that you know what you’re up against, what can you do to protect your computer?

  • Avoid clicking on suspicious links, regardless of where they come from. Both threats abuse Skype to send IMs, so the malicious link can come from one of your contacts if their machine has been infected.

  • Do not download or open files that come from unknown or untrusted sources.

  • Keep your operating system and installed third-party software fully patched and up-to-date to minimize the chances of a successful drive-by-download attack.

  • Always run antivirus software and keep the virus definitions current.

  • Use a Windows user account with limited privileges (i.e. no permission to install software).


What to Do if Your System is Infected


Already have the misfortune of encountering one of these threats?

For Shylock, Microsoft’s Threat Center states you can use Microsoft Security Essentials (or Windows Defender for Windows 8) to detect and remove it.

For Phorpiex, users can use antivirus solutions by TrendMicro, Microsoft, ESET or Ikarus to detect and remove it.


Monday, January 21, 2013

Upgrade to Windows 8 Before Jan 31st, 2013 - Or Else! (You'll Have to Pay WAY More)

Still on the fence about whether or not you should upgrade your PC to Windows 8?

You may want to make a decision before January 31st, 2013.

Microsoft announced on Friday that the current promotions allowing folks to upgrade their XP, Vista or Windows 7 machines to Windows 8 Pro for $39.99, or upgrade eligible Windows 7 machines purchased after June 2nd, 2012 for just $14.99, will expire on January 31st, 2013.

Unfortunately that means if you try to upgrade after February 1st, you will be paying a whole lot more to upgrade to Windows 8 as the following upgrade prices take effect:

Package                   Promo Price            Price after Jan 31st
Windows 8 Pro upgrade     $39.99 (or $14.99)     $199.99 (U.S.)
Windows 8 upgrade         N/A                    $119.99 (U.S.)
Windows 8 Pro Pack        $69.99                 $99.99 (U.S.)
Windows 8 Media Center    Free                   $9.99 (U.S.)


So, that means you’ll be paying $199.99 to upgrade from XP, Vista, or 7 to Windows 8 Pro, or $119.99 to just upgrade to Windows 8 – not the Pro edition.  Upgrading from Windows 8 to Windows 8 Pro will now cost $99.99 after the promotional period expires.

If you were tossing the idea of upgrading to Windows 8, you may want to do it sooner rather than later. The promotion ends in less than two weeks!

How do you feel about the price jump? Are you interested in Windows 8? Share your thoughts in the comment section below!
