Windows 8 Consumer Preview is Out: Download, Poke Around & Share Your Thoughts!

If you haven’t heard so already, Microsoft has released the Windows 8 Consumer Preview for fans, skeptics and neutral parties to download, play with and [hopefully] enjoy.

Recommended Hardware for Windows 8 Consumer Preview

According to Microsoft, the Windows 8 Consumer Preview should run fine on the very same hardware that Windows 7 functions on, but the following specs are recommended:

• 1 GHz or faster processor


• 1 GB RAM (32-bit) or 2 GB RAM (64-bit)


• 16 GB available hard disk space (32-bit) or 20 GB (64-bit)


• DirectX 9 graphics device with WDDM 1.0 or higher driver


• 1024 x 768 minimum screen resolution

Where to Download Windows 8 Consumer Preview

You can take one of two paths to download the Windows 8 Consumer Preview:

• Download Windows 8 Consumer Preview Setup – includes a compatibility report, upgrade assistance & built-in tool for converting an ISO image into installation media (such as a DVD or USB flash drive).


• Download Windows 8 Consumer Preview ISO images – alternative to the Windows 8 Consumer Preview Setup; you will need to use a third-party program to convert the ISO to a DVD or USB thumb drive. Available in English, Chinese, French, German and Japanese in:
  
  
  
  • 64-bit (x64) ~3.3GB
  
  
  • 32-bit (x86) ~2.5GB
  
  
  
  

Where to Get Help with Windows 8 Consumer Preview

If you do happen to download the Windows 8 Consumer Preview, keep in mind that it is beta software, so hiccups and bugs are to be expected. No official support is available; however, you can get help by visiting the:

• Windows 8 Consumer Preview forum


• Windows 8 Consumer Preview FAQ

Additionally, Microsoft will be publishing a series of posts focused on Windows 8 on the Windows Experience Blog, so you may want to periodically check in there as well.

Have fun exploring the new Windows OS!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Shylock Malware Launches Fake Chat Window to Steal Banking Details in Real-Time

Would you feel better if malware (and the cybercriminals behind it) took the time to actually have a conversation with you while stealing all of your banking information?

It can be done.

Security researchers over at Trusteer have come across yet another configuration of the Shylock malware using clever man-in-the-browser (MitB) tactics to dupe business/commercial users of an unnamed “leading financial institution.”

“When the victim logs in to the online banking application, the session stalls for few minutes and the user is told that security checks are being performed.” Amit Kleen wrote, “This is where things get, for lack of a better word, interesting.”

Though a series of fake HTML page injections and complex JavaScript code, the victim is presented with a LIVE chat window that is being operated by the cybercriminal.

Obviously the goal of the fraudster is to collect additional personal information from the victim and the suspicion is that the cybercrook will use words of persuasion to get the victim to verify fraudulent transactions as Shylock silently initiates them in the background.

Screenshot Credit: Trusteer

“This is yet another example of the ingenuity of fraudsters and their ability to exploit the trust relationship between users and applications provided by their online service providers.” Klein warned, “This attack could conceivably be used against enterprises and their employees, with the attacker posing as an IT help desk technician.”

Shylock, which Trusteer has been monitoring since last September, gets its nickname from the tendency to quote random excerpts from Shakespeare’s “The Merchant of Venice” in every new build. Citation quirks aside, Shylock boasts incredible anti-detection features that allow the malware to monitor symptoms of an antivirus system scan, delete its own files and registry entries when a scan is underway (remaining active only in memory) and hook itself into the Windows shutdown procedure to reinstate its infection upon system restart.

With these types of threats frolicking about, it’s more important than ever for users to not only keep their computer systems patched, up-to-date and protected by a comprehensive antivirus solution, but always remain vigilant when conducting business online.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Tweets from Public Twitter Accounts to be Used for "Market Research Purposes"

If you have a public Twitter account, prepare to have your tweets packaged and sold to companies to analyze for “market research purposes.”

According to the BBC, Twitter has partnered up with DataSift in order to provide companies with the ability to rifle through tweets that date as far back as two years ago to help “plan marketing campaigns, target influential users or even try to predict certain events.”

The idea behind this, of course, is for Twitter to earn money by charging DataSift licensing fees.

Before today, DataSift customers were only able to search the last 30-days’ worth of tweets. By comparison, regular Twitter users were limited to only being able to search tweets from the last 7 days.

An estimated 250 million tweets are recorded and analyzed by DataSift every 24 hours. That collected data includes the location of the user – unless they’ve taken the time to visit their account settings page and delete all location data from their tweets – and an estimate of their social media influence, which is partly based off their Klout score.

There is some silver lining to this story, though: deleted tweets or tweets posted on “private” accounts are not included in the archive provided by DataSift.

If you’re not cool with the idea of your tweets being used for “marketing research purposes” then it’s time for you to either make your Twitter account private or stop using it altogether.

How to Make Your Twitter Account "Private"

1. Visit your account settings page by clicking on the person icon at the top right of the page and selecting "Settings" from the drop-down menu.


2. Scroll down to the "Tweet privacy" section and check the box next to "Protect my tweets."


3. Save your changes.

[via BBC News]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Security Firm Breaks Down the Anatomy of an Anonymous Attack

Have you ever wondered how an Anonymous attack goes down?

US-based security firm, Imperva witnessed an attack carried out by the hacktivist group first-hand in 2011 and have published a 17-page analysis on what is believed to be the first end-to-end record of a full Anonymous attack.

The attack observed by Imperva lasted 25 days and even though Imperva did not name the target in their analysis, the New York Times states that the Vatican was the focus of the attack.

So what did they learn?

Types of Anonymous Attacks

There are two types of attacks: reactive and proactive.

Reactive attacks come about when an event inspires Anonymous members to attack a target. An example of a reactive attack would be when Anonymous hacked into BART systems in August of 2011 after BART police blocked the use of cellphones in certain stations.

Proactive attacks are not as common and they only come about when Anonymous hints at the intent of going after a target. It’s difficult to judge the number of proactive attacks since the attack wouldn’t become public unless it was successfully carried out.

The attack witnessed by Imperva was a proactive one.

Anonymous vs. The Vatican

The attack against the Vatican consisted of three phases:

1. Recruiting and communications (Day 1-18) – Anonymous took to popular social media sites (Facebook, Twitter & YouTube) in order to generate support for the cause and recruit both skilled hackers and laypeople to participate in the attack.


2. Reconnaissance and application attack (Day 19-22) – After carefully hiding their true identities and place of operation, the skilled hackers go to work and start poking around the target site and applications in search for vulnerabilities that could expose sensitive data. An assortment of “off-the-shelf” vulnerability assessment tools are used for this, including Havij, Acunetix and Nikto Scanners, which check for SQL Injection, XSS and Directory Transversal vulnerabilities.


3. DDoS Attack (Day 24-25) - When the hackers were unable to find any vulnerabilities, they turned to the non-technical participants to assist in carrying out a DDoS attack. Participants helped by either downloading attack software or by visiting a specially crafted website that carried out the DDoS attack as long as the page was open in the browser.

As you can see, Anonymous attacks differ greatly from for-profit hacking since they don’t rely on malware, (spear) phishing techniques and rarely use bots. Not to mention they’re anything but shy about announcing their targets to the world via social media outlets, whereas for-profit hackers typically use hacker forums to discuss their targets and recruit participants.

Surviving an Anonymous Attack

Imperva advises any company that feels that they may be a target to:

• Monitor social media outlets for signs of an oncoming attack


• Make sure they have a strong application security program in place, consisting of web application firewalls, vulnerability assessments and code reviews to prevent a data breach. DDoS attacks are a last resort, so address application vulnerabilities first.


• Closely monitor alert messages to prepare for the next phase of an ongoing attack.


• Use IP reputation to thwart attacks during the reconnaissance phase.

Feel free to check out the report by Imperva, “The Anatomy of an Anonymous Attack” [PDF].

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Facebook Denies Allegations of Spying on Users' Text Messages

Facebook is under fire for “questionable behavior” – yet again.

Over the weekend, an article was featured in the London Sunday Times (registration required) that claimed Facebook was secretly rifling through the text messages of users that have the Facebook app installed on their Android smartphones.

While Facebook admits they’re testing new mobile features that integrate SMS messages, they denied the spy claims about reading users’ text messages without their permission.

Iain Mackenzie, Facebook’s Communications Manager for Europe, posted a note on Facebook titled “Today’s bad journalism” which – aside from bashing the newspaper for printing the article – stated that even though the current version of the Facebook app in the Android market requests permissions to EDIT, RECEIVE AND READ SMS Messages, it’s only in use for a small base of test users.

As one of the commenters of Iain’s Facebook post asked: Why does the Android market version of the Facebook app require SMS permissions if it's not actively used by everyone?

That brought another problem to light because according to a survey that was conducted by the Times, an alarming 70% of the respondents confessed that they do not check the permissions required by an app before installing it!

If you happen to be someone that doesn’t check permissions before installing an app on your smartphone, I strongly recommend that you start doing so immediately. It’s a great way to minimize your chances of getting malware on your phone.

As far as the “poor journalism” side of things, considering Facebook’s track record, it’s not all that surprising that the author behind the Times article spun the social networking giant in such a negative light.

After all, it was just a few months ago that Facebook had to update their cookies to stop tracking users even after they logged out of their accounts. That was after a security researcher spent nearly a year trying to bring it to their attention.

Then there’s that time when the FTC said Facebook was engaging in “unfair and deceptive practices,” but who are we to judge?

The Facebook app was removed from my Galaxy Nexus a long time ago for a completely different reason – it always seemed to have issues loading my News feed.  I just use the mobile site when I’m on the go and I feel the need for a social media fix.

Do you have the Facebook app installed on your smartphone? If so, will you be keeping it installed? What are your thoughts on all of this?

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Image Credit: Quinn.anya || Modified by Marquisa Kirkland

Buy of the Week: Night Owl Poseidon-45 Channel H.264 Video Security Kit

This offer has expired. Please check the top banner ad for the current deal.

Looking for a good quality video surveillance system that won’t break the bank?

Night Owl's Poseidon-45 is an advanced 8 Channel H.264 smart DVR with 4 Indoor/Outdoor night vision cameras that allows you to access it remotely from both the internet via Internet Explorer and/or select 3G/4G smartphones including Android, iPhone & BlackBerry.

The kit comes with everything you need to set it up yourself and is truly a Do-it-Yourself security system.

For a limited time, you can order the Poseidon-45 8 Channel H.264 Video Security Kit from Hyphenet for only $390, plus taxes and shipping! Call 619-325-0990 to order yours now!

Night Owl Poseidon-45 Tech Specs

8 Channel H.264 DVR

• Advanced H.264 Compression gives you 2x more storage than MPEG4


• Video Input: 8 Channel BNC


• Video Output:




• 2 Channel BNC


• 1 Channel VGA




• Audio Input: 4 Channel RCA


• Audio Output:  2 Channel RCA


• Recording Resolution:




• D1 (704 x480) @ 60 fps (7.5 fps per channel)


• HD1 (704 x 240) @ 120 fps (15 fps per channel)


• CIF (352 x 240) @ 240 fps (30 fps per channel)




• Record Modes:




• Motion Activated/Alarm


• Continuous


• Time Schedule




• Playback Options:




• Event


• Time


•  Date




• View and Playback All 8 Cameras at Once


• Expandable Up to 8 Cameras (4 Cameras Included)


• Pre-installed 500GB Hard Drive (Supports 1 x 2TB SATA Hard Drive)


• Overwrite HD Protection (When Hard Drive is Full Either Record Over Oldest Files or Stop Recording)


• Digital Watermarking Video Time and Date Stamped for Official Use


• Password Protection


• Supports RS-485, Pelco-P and Pelco-D Protocols (Pan, Tilt and Zoom)


• USB Back-up


• Power Supply DC12V, 3A


• Dimensions: 11.8" x 9.9" x 2.4"

4 Indoor/Outdoor Night Vision Cameras

• Weather Proof Indoor/Outdoor Cameras (IP-65)


• 11 Leds for 30 ft. Night Vision


• 400 TV Line CMOS Sensor


• 6.0 mm Lens


• 240 ft. of cable included (60 ft. per camera)


• Power Supply: DC 12V


• Dimensions: 2.0" x 3.0" x 2.0"

View and Control Your DVR Anywhere in the World via PC, Tablet or Smartphone

• View, Playback, Backup, Configure DVR Settings remotely via Internet Explorer or Included Software


• Viewable over the Internet via Internet Explorer 6 or higher


• Included Advanced PC Remote Viewing Software


• Compatible with Windows 2000, XP, Vista and 7


• Viewable over Tablet PCs:
  
  
  
  • iPads
  
  
  • Tablet PC running Windows Mobile
  
  
  • Windows® 7
  
  
  • Android® Operating System
  
  
  
  


• Viewable over 3G/4G Smartphones:
  
  
  
  • Windows® Mobile Pro
  
  
  • Symbian® S60 V3 & V5
  
  
  • iPhones®
  
  
  • Blackberry (Blackberry® Operating System OS 5.0, non-touch screens)
  
  
  • Android®
  
  
  
  

Upgrade Options & Support

• Expandable up to 8 cameras (4 cameras included)


• No monthly fees


• 24/7 Technical Phone Support Provided by Night Owl


• Professional Installation Services Available Nationwide (US Only)

Don’t miss out on this Buy of the Week! Call (619) 325-0990 to order your Poseidon-45 8 Channel H.264 Video Security System for $390 today!

Buy of the Week offer valid through March 2nd, 2012.

* Shipping and taxes apply.

This offer has expired. Please check the top banner ad for the current deal.

Former McAfee Reseacher Discovers, Exploits 0-day Vulnerability in Smartphone Browsers

How would you feel if your smartphone recorded your phone calls and send them – along with your location, text messages and email – to an attacker?

While it sounds like something out of an action packed spy film, former McAfee cybersecurity researcher Dmitri Alperovitch says it's not only possible, but the malware and smartphone vulnerability already exists.

Alperovitch and a team conducted an experiment using an existing piece of malware, a Trojan named Nickispy.C, which they reverse engineered and took control of in order to collect sensitive data, including recorded phone calls, from smartphones.

To make things worse, Alperovitch states that no security software is capable of thwarting such attacks and while an Android-based smartphone was used in the experiment, Alperovitch states that iPhones are just as vulnerable.

Alperovitch's Experiment

In order to plant the malware, Alperovitch used a classic “spear phishing” attack method, sending a SMS message with a link from a spoofed mobile carrier number.

"The minute you go the site, it will download a real-life Chinese remote access tool to your phone. The user will not see anything. Once the app is installed, we'll be intercepting voice calls. The microphone activates the moment you start dialing," Alperovitch explained.

In addition to eavesdropping on phone conversations, the malware also intercepts text messages and emails and monitors the phone’s location.

Alperovitch – who is best known for discovering Operation Shady RAT last year – intends on demonstrating his findings at the RSA conference in San Francisco on February 29^th, 2012.

With the growing popularity of smartphones, cybercriminals have been hard at work developing malware targeting mobile operating systems. Should cybercrooks decide to start spamming out text messages linking to drive-by-download mobile malware attacks, we could all be in very big trouble.

Do you use a smartphone? How do you feel about Alperovitch's findings?

[via LATimes]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

‘Unsubscribe URL’ in Fax Spam Leads to Malicious Website

We expect malware to be present in files attached to unsolicited email. It may even be assumed that a link in a spam email will take us to a malicious site hoping to infect our PC with malware.

But would you expect a good old-fashioned unsolicited paper fax to lead you straight into a malware attack? It could happen.

In fact, researchers at Vircom have stumbled across a piece of fax spam that contains an ‘unsubscribe’ URL that, when visited, will attempt to infect your PC with malware.

Fax spam has been quite common since the 80’s and those who receive it know that their requests to be removed from the ‘marketing list’ are typically ignored, making ‘unsubscribe’ URLs that much more appealing.

The fact that the supplied URL is .co.cc domain - which is often used by cybercrooks to carry out drive-by-downloads and part-take in other malicious activities - may not mean much to the average user.

In the event that you receive fax spam requesting that you visit a URL in order to unsubscribe from future faxes and you wish to give it a shot:

• Be sure that you investigate the URL BEFORE visiting it (run it through a URL scanner, check if domain is blacklisted, etc.).


• Make sure that your computer is fully patched and up-to-date with the latest OS and software updates.


• Double-check that you have antivirus installed and the virus definitions are current.

Remember that there is no guarantee that whoever is behind the junk faxes will stop and if it’s anything like email spam, then it’s probably not worth the effort – or risk.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Variant of Flashback Trojan Using Java Exploits to Infect Macs

The authors behind the Flashback Trojan targeting Macs are quite the busy bunch.

Researchers at Intego have discovered a new version of the Flashback Trojan - dubbed "Flashback.G" - that’s infecting OS X via drive-by-downloads exploiting two Java vulnerabilities.

In the event that the targeted vulnerabilities have been patched, Flashback.G will attempt to trick users into installing it by displaying a self-signed certificate claiming to be issued by Apple.

Upon a successful infection, Flashback.G will inject code into Safari, Skype and other network programs in order to harvest username and passwords. Fortunately, this causes the affected applications to crash, throwing a red flag to the end-user.

“It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension.” Intego researchers explained in a blog post.

Flashback.G also comes with a built-in update feature that connects to a number of remote sites in order to automatically download updates.

According to Intego, a large portion of the Macs that are infected by Flashback.G are running OS X 10.6 Snow Leopard, which has Java pre-installed. That doesn’t mean other versions of OS X are out of the question though, as the issue lies with the vulnerabilities within Java itself.

To stay safe, Mac users should make sure that they’re running the most recent version of Java and be cautious of what files they download. Also, be sure to click ‘Cancel’ if you ever see this dialog box:

Screenshot Credit: Intego

Considering the fact that Intego found that Flashback.G will abort the installation process if it detects the presence of a variety of antivirus programs, it may be time to install an antivirus program on your Mac if you haven’t done so already.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Google Agrees to Respect 'Do Not Track' Browser Feature & Add it to Chrome

Show of hands: who here would use a “Do Not Track” feature/button if it was supplied within their web browser? (That actually worked.)

Both Firefox and Internet Explorer have offered “Do Not Track” features since last year, but they’ve been rather ineffective since advertisers and tracking companies refused to honor the system. Google even put forth the effort to find loopholes in order to circumvent user privacy settings in both Safari and Internet Explorer to keep an eye on users’ browsing activity.

With the cat out of the bag and the Obama administration taking interest in an online privacy “bill of rights,” Google has joined the coalition of internet giants that are all-for the idea of a “Do Not Track” option in web browsers – that’s actually respected by online advertisers and their nosey organizations.

However,  there are some things that internet users should keep in mind about this new “Do Not Track” button:

The new do-not-track button isn't going to stop all Web tracking. The companies have agreed to stop using the data about people's Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as "market research" and "product development" and can still be obtained by law enforcement officers.

Facebook would also still have the ability to track user's online activity with the "Like" button and other functions.

Google plans on adding the ‘Do Not Track’ feature to the popular Chrome web browser by the end of 2012. Apple has already added the anti-tracking feature to Safari in their latest OS update (10.8), code name “Mountain Lion.”

[via Wall Street Journal]
Image Credit: The Italian Voice

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Twilight Author's Site was Compromised to Serve Malware

If you’ve recently visited the website of Stephenie Meyer – author of the insanely popular Twilight book series – then you will want to scan your computer for malware.

Researchers at Avast! antivirus security firm recently found that hackers had injected malicious JavaScript code into Meyer’s official website that exposed unsuspecting site visitors to the Crimepack Exploit Kit.

Like other exploit kits, the Crimepack Exploit Pack attempts to leverage system vulnerabilities – which, of course, are usually associated with Java or Adobe PDF Reader – in order to plant malware on the target’s machine.

There's no word on how long the malicious code was present on Stephenie Meyer's site, but the website has been scrubbed of the evil code. Unfortunately, those who had horrible timing of paying her site a visit during the attack are still stuck with the aftermath of playing computer clean-up.

The internet is a dangerous place and this should serve as a reminder that it is critical that you keep your computer operating system and software up-to-date with the latest security patches. Running antivirus software at all times will definitely help, too.

Failure to do so can easily result in a system infection.

Image of malicious Javascript credit: Avast!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Unpatched pcAnywhere on 200,000 Windows PCs = Disaster Waiting to Happen

One would think with all of the headlines flying around about how hackers stole the source code for a variety of Symantec products and Symantec going from saying users only faced a “slightly increased security risk” to urging them to disable pcAnywhere before finally saying the software is safe only after being patched that users would heed the warnings and do as they’re advised.

After all, it’s not every day that a security company discovers they were breached years ago without their knowledge and tells you to flat-out stop using their product.

Unfortunately, it seems as though quite a few folks missed the memo and a lot of PCs have been left vulnerable as a result.

Security researchers over at Rapid7 scanned the internet for the TCP port that pcAnywhere leaves open for incoming commands and found that up to 200,000 computers are running unpatched versions of pcAnywhere software.

Note to those who are running unpatched versions of Symantec’s pcAnywhere: if a security researcher can find you, then so can an attacker.

To make matters worse, an estimated 2.5% (roughly 3,450 – 5,000) of those vulnerable Windows PCs are running a point-of-sale system, leaving the door wide open for an attacker to hit the ultimate payday.

Was nothing learned from the Subway point-of-sale system breach that resulted in over $3million dollars in fraudulent charges?

It’s imperative that pcAnywhere users to either make sure their software is current or find an alternative remote desktop solution such as LogMeIn, GoToMyPC, or WebEX PCNow – just to name a few.

What do you think of all the issues surrounding Symantec and pcAnywhere? Share your thoughts below!

[via ComputerWorld]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Don't Forget to Clear Your Google Web History Before March 1st

There are only seven days left in February.

Who cares, you ask?

Need I remind you that Google’s new privacy policy – which will allow them to share user data across nearly all of their services – will take effect on March 1^st, 2012? So, pretty much anyone that uses one of Google’s handy-dandy services should care. And let’s face it - that’s a whole lot of users.

As the Electronic Frontier Foundation pointed out, one of the things that users may want to do before March 1^st is erase their Google Web History.

Currently your Google Web History is kept out of reach of Google’s other products and while you may not realize it, your search data can reveal an awful lot about you, such as your location, interests, health concerns, religion, and a whole lot more.

With that being said, it’s probably a good idea to wipe your Google Web History data before the new privacy policy kicks in and Google gets a very clear understanding of every aspect of your life.

How to Erase Your Google Web History

1. Sign into your Google account.


2. Visit google.com/history
   -or-
   Click the arrow on the top right corner of the page and select ‘Privacy’.
   Scroll down until you see ‘Sign into Dashboard’.
   Scroll until you see ‘Web History’ and click ‘Remove items or clear Web History’


3. Click ‘Remove all Web History’


4. Select ‘OK’.

Keep in mind that this will “pause” your web history tracking, so if you want to start fresh then remember to enable it after clearing it out. To enable Web History again, just click the blue ‘Resume’ button at the top of the Web History page.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Phony Facebook Notification Spam Delivers Keylogger Malware

Have you ever wondered what it’d be like having a keylogger installed on your machine, relaying every single one of your keystrokes to a remote server for some cybercrook to put to not-so-good use?

If your answer is "no", then it would be in your best interest to delete any vague emails that ask you to download Silverlight in order to read changes related to your Facebook account information.

Security researchers at BarracudaLabs stumbled across a spam email titled, “Your account information has been changed” that contains nothing more than a single image welcoming you to ‘Click now to install’ Silverlight has quite the nasty surprise hiding behind it.

Image Credit: BarracudaLabs

“If you take your time and examine the destination of that link you’ll see that the real payload is a .PIF file from an IP address in Malaysia." BarracudaLabs researchers explained, “PIF files are Windows executable files, and in this case the executable that is actually sent is Trojan.Win32.Jorik.”

The real scary stuff begins once you click ‘Run’ and unleash Jorik onto your computer. Every single keystroke and all of your web browsing history - including the web page title - will be recorded to a disk file and uploaded to a remote server.

To keep their PC safe, secure and malware-free, users should avoid downloading software advertised in spam and run up-to-date antivirus software.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Spammers Modify Content in USPS Spam, Continue to Spread Malware

Head’s up, everyone!

It appears that cybercriminals have switched up the body of the malicious USPS spam messages that they’ve been pumping out for the last few months.

The latest variant we received was titled, “USPS Delivery failure” and did not have a spoofed USPS.com or .gov sender’s address like the other spam messages did. Instead, this bogus USPS message appeared to come from "LilianaLevielle[at]riaa.com".

In addition to the sender address change, cybercrooks opted to use fake tracking numbers in lieu of a failed delivery date.

Here’s a copy of the email:

Dear [EMAIL ADDRESS THAT ISN’T MINE],

Your item delivery tracking number 0720275 has failed. We were unable to deliver the package to the address specified. You can adjust the shipment details online by filling out the form attached to this message. Thank you.

USPS Customer Service®
1-800-ASK-USPS®
Mon-Fri — 8:00am - 8:30pm ET
Sat — 8:00am - 6:00pm ET
Sun/Holidays — Closed

Of course, there’s no “shipment details adjustment form” in the USPS report.zip file that’s attached to the email.

A scan report of the file attachment reveals that it’s housing the Gamarue.B worm, which the same malware being spread by the parking violation spam message we wrote about yesterday.

After it infects a PC, Gamarue.B will modify registry keys to ensure it runs on Windows startup and open a backdoor to download additional malware and allow an attacker to remotely control your PC. Depending on the configuration, Gamarue.B is also known to copy itself to removable drives in order to spread the infection.

If you receive this new USPS spam email, be sure to toss it into your email’s trash folder without downloading or opening any attached files.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: 27" ViewSonic LCD Monitor for $266

It's all about size, folks.

ViewSonic’s VA2703 is a 27" large format LCD display with Full HD 1080p resolution.

With wide viewing angles, 15,000:1 dynamic contrast ratio, DVI/VGA dual inputs, VA2703 offers crystal crisp images. The display's large viewing area greatly enhances productivity when users work on large spreadsheets or use multiple applications. Ergonomic tilt adjusts screen angle for comfortable productivity or collaboration and presentations. And energy saving Eco mode make the VA2703 the best value for corporations, home and education.

For a limited time, you can order a brand new 27-inch ViewSonic LCD monitor for only $266, plus shipping and taxes! Call (619) 325-0990 to buy yours today!

ViewSonic 27-inch LCD Monitor Specs

MFR#	VA2703
Diagonal Size	27 inches
Display Type	LCD TFT active matrix
Native Resolution	1920 x 1080 Full HD
Brightness	300 cd/m2
Image Contrast Ratio	1200:1 - 15000:1 (dynamic)
Response Time	3 ms
Interfaces	DVI-D, VGA
Color	Black
Warranty	3-year Limited Warranty

Don’t miss out on this Buy of the Week! Call (619) 325-0990 to order your 27-inch ViewSonic LCD monitor today!

Buy of the Week offer valid through February 24th, 2012.

* Shipping and taxes apply.

FREE Webcast: Creating & Managing a Cybersecurity Policy: Tips for the SMB

Many small and medium-size businesses (SMB) operate under the mistaken impression that their size, or the minimal security steps that they have already taken, will protect them from cyberattacks.

Attend this LIVE Webcast
Wednesday, March 21st at 10 AM Pacific

According to the U.S. Chamber of Commerce's publication, Commonsense Guide to Cyber Security for Small Businesses, "This assumption is both inaccurate and dangerous. Attacks on information systems operated by small and mid-size companies are growing rapidly and are having a severe impact on business operations... Neither the size of your company nor the type of your business guarantees protection from an attack. If you use the Internet, you are vulnerable."

Join Stephen Cobb, Security Evangelist at ESET to discover:

• How vulnerable SMBs like yours really are


• How you can establish a cybersecurity policy for your organization


• How you can to defend your company--and its employees, partners and customers--against online attacks

About the Cybersecurity Masters Series

ESET's Cybersecurity Masters webinar series is designed to connect you with the experts. As an IT Security professional you will gain access to analysis and commentary from industry experts on the Cybersecurity front. » View the Series

Additional Webcasts

» Detection Methods - View
» Surviving Mobile - View
» Selecting AV Security - View

Hyphenet is an Authorized Partner of ESET

Along with ESET, Hyphenet is a proud sponsor of the Cybersecurity Masters Webinar Series.

Don’t miss out on the latest tech news and computer security alerts! Follow Hyphenet on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

“Your parking violation appeal” comes with malware.

Don’t fret if an email titled, “Your parking violation appeal” arrives in your inbox – it’s just another attempt by cybercriminals to infect your PC with malware.

In fact, it will become blatantly obvious that the email is fake once you read it (and see 20+ other people copied on it):

Subject: Your parking violation appeal.
From: Alease Maslen (AleaseMaslen@policedep.gov)

Dear [EMAIL ADDRESS],

Please find the parking ticket appeal form in the attachment to this email. Failure to submit the form within 21 days will result in $100 fine.

Traffic Penalty Council.

This is an automatically generated email, please do not reply.

The entire goal of this spam message is to infect your PC with the Gamarue.B worm that’s hiding within the attached file, “parking ticket.zip.”

Once it makes its way onto your PC, Gamarue.B will modify the registry to make sure it runs on Windows startup and open up a backdoor on your PC to download additional malware or allow an attacker to remotely control your machine.

If your computer is infected with the Gamarue.B worm, don’t connect any removable drives to it. Otherwise there’s a good chance that the malware will spread the love by copying itself to the removable drive and infecting additional machines when the opportunity arises.

Feel free to delete this email without downloading or opening the attached files and go about your day.

Image Credit: Arthur Chapman

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Are you a part of the Web of Trust (WOT)?

I like the Web of Trust browser plug-in.

Now, whether that admiration really stems from the colorful circles used to indicate a site’s reputation rating or the fact that it helps me steer clear of sites that may put a damper on my web browsing experience could prove to be a rather interesting debate.

However, I like to think that it’s a mixture of both.

For those of you who’ve never heard of it, the Web of Trust plug-in allows you to enjoy a safer and more pleasant internet experience by adding a reputation rating next to site links and search results.

Highly rated sites literally give you the green light with a green circle next to their links, while a yellow circle is displayed for “iffy” sites and red circles strive to stop you from visiting sites with a poor reputation. Websites with no rating are given a gray circle with a blue question mark.

Website reputation ratings are based off the feedback of millions of web users that have shared their personal experience – good or bad – on countless sites they’ve visited.

Such information can come in handy when you’re debating whether or not you want to make a purchase from an unknown vendor or even visit a site that you’re not feeling so sure about.

If you happen to click on a poorly rated site link, you will be presented with a warning message that provides the option to escape, view comments left by other users regarding their experience, or to take a chance and proceed anyway.

Web of Trust plays well with all of the popular browsers – Chrome, Firefox, Internet Explorer, Safari, & Opera – and can be downloaded for free from the MyWOT.com website.

If you haven’t done so already, I’d say give the WOT browser plug-in a shot. Feel free to share your thoughts on it in the comments below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Fake CULT Order Confirmation Email Used to Spread Malware

If you receive a mysterious confirmation email for an order you don’t recall placing, beware! It may be a trap.

Security experts over at PandaLabs (of Panda Security) have come across a phishing email posing as an order confirmation email from CULT, a clothing retailer based in the UK.

The email appears to be carefully crafted by the cybercrooks behind it too. There are no obvious grammar or spelling errors, the sender's address is a  spoofed cult.co.uk email and they build credibility with the consistent use of a fake confirmation number and details for a legitimate product sold by CULT in within the order details.

The only thing that may give it away is the order date, which is listed as "02/11/2007."

Here's the email:

Image Credit: PandaLabs

From: Cult.co.uk [confirmation@cult.co.uk]
Subject: CULT Order Confirmation (CULT78318)

Dear [NAME],

Thank you for shopping with CULT. Please look over the details below to ensure your order is correct.

If you have any queries with your order please contact us.

Please allow 3-5 days for delivery.

Payment Type: Credit/Debit Card

The order can be viewed by visiting:

hxxp://www.cult.co.uk/secure/orders/view-order.php?order_id=CULT78318&key=2ac8e137a3b954de26a

Your Order Number is CULT78318             0/2/11/2007
What you bought…         Qty         GBP Price each  Sub

Superdry             1              174.99 GBP         174.99
Superdry vintage distressed leather Brad jacket made from super-soft full grain leather with six pocket design, embroidered motif on shoulder and layered collar detail. As worn by David Beckham.

Colour: brown
Size: M
Item Code: BU0105010040

Total: 174.99
Voucher: -0.00
Delivery: 16.00

Total + Delivery: 190.90

CULT CLOTHING
Unit 60
The Runnings

Cheltenham
Glos.
GL51 9NW
UK
e: care@cult.co.uk
www.cult.co.uk

Unfortunately, targets of this phishing email are in for a rather unpleasant surprise if they decide to click the link to "view the order details" and download a malicious EXE file masquerading as a harmless PDF file. Inside that executable hides a nasty Trojan with bot capabilities, dubbed “Ainslot.L” by PandaLabs.

Once Ainslot.L makes its way onto your computer, it will create/modify registry keys to make sure it runs on startup and bypass the system firewall, seek out and remove any other data-stealing Trojans that may be hiding on the system and then proceed to leverage its own keylogging capabilities in order to steal account logins – regardless if it’s to your bank account or social networking profile – and relay that data to the cybercriminals behind it.

Sounds like fun, right?

To avoid having their PC infected with the Ainslot.L Trojan, users should:

• Avoid following links within unsolicited emails, even if they appear to be legitimate.


• Avoid downloading any files from untrusted sources.


• Always run antivirus software on their PC and make sure the virus definitions are current.


• Make sure their email client is protected by a comprehensive spam and malware filtering solution.

Stay safe, folks!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

How to Scan Email File Attachments Without Downloading Them First

As kids we’re taught not to take candy from strangers and as adults we’re told not to take file attachments from strangers.

What if that file is coming from a colleague or friend?

One of the various ways that viruses, worms or other malware have been known to spread is by spamming itself to all of the contacts within a victim’s address book.  So, it's necessary to be cautious with files attached to emails coming from people you know as well.

While it’s true that a lot of email clients have some sort of antivirus software backing them (for instance, Yahoo! uses Norton to scan messages), nothing is 100% and there’s a chance that the scan won’t detect the dangers lurking within.

As luck would have it, VirusTotal offers the ability to run file attachments through a laundry list of different antivirus programs including Kaspersky, NOD32, TrendMicro, McAfee, Panda, and others. Best of all, you don’t even have to download (or open) the file in order to do it!

All you have to do is:

1. Change the “Subject:” field of the email to “SCAN”.


2. Clear out the body of the email, only leaving the file attached.


3. Forward the email with the file attachment to scan@virustotal.com.

Once the file has been processed, a report of the findings will be sent back to the same email address it was sent from.  And since the file will run through such a wide assortment of antivirus programs, there’s a very good chance that any malware hiding inside will be detected.

Just keep in mind that the response time varies on the server load and this only a method to detect malware, not eliminate it.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Lift Those Virtual Rose-Colored Glasses & Face 6 Truths About Online Dating Site Privacy

Thinking about giving online dating a try?

You may want to consider the fact that whatever information you type – or photos you upload – into the dating site to build your profile may linger around for a while, waiting for you to come back.

You know, kind of like a creepy ex.

That’s right; the Electronic Frontier Foundation found that even though you may deactivate your dating profile at some point, like when you start dating someone, it doesn’t mean that your information is removed from the dating site’s servers.

In fact, they keep that information on file to make it easier for you to return - and that’s just the beginning.

Here’s the list of 6 things that the EFF suggest online daters keep in mind:

1. Pressing “Delete” or “Deactivate” doesn’t really mean your information has been removed.
   While it sort of makes sense that they’d keep your information on file just “in case” things don’t work out with your new partner, we must remember that same information is subject to come back to haunt you if a court order ever calls for it. This includes any photos that you upload, too. But, before you freak out, keep in mind that Facebook doesn’t really delete photos either.


2. Dating sites are not always as secure as we’d like to think.
   It wasn’t that long ago that a rather huge security flaw was discovered in the popular dating site, PlentyOfFish.com that exposed the personal data and login credentials for ~30 million users. Then there was the more recent exploit of a security flaw within the mobile app, Grindr that allowed the attacker to impersonate other users. Suddenly it’s not so comforting knowing that your information may be hanging around on dating site servers, huh?


3.  Google may index your dating profile.
   While this isn’t always the case, it’s something you have to think about. What if someone you know happens to Google your name one day – like your boss? Are you ready for THAT [potentially awkward] discussion?


4. Trying to discreetly find love online? Your pictures would tell on you anyway.
   If you were thinking on using a variety of tricks to shield your identity by using an alias or flubbing the information a bit, you may want to be careful what photos you use. Otherwise services like TinEye and Google Image Search would blow you out of the water by matching photos you’ve used before.


5. Your data helps online advertisers sell you stuff.
   This shouldn’t be too much of a shock, especially if you’re on Facebook or use anything of Google’s (who openly admits they use your data to serve you relevant ads). If you don’t want this happening while you’re on the hunt for love, it’s probably best if you check the site’s privacy policy first.


6. HTTPS is usually poorly implemented on dating sites.
   This leaves any data transmitted during your dating site browser session open for eavesdroppers to listen in on – messages, browsing history, or even account hijacking. Remember when Ashton Kutcher’s Twitter account got hijacked because he didn’t have HTTPS enabled on his Twitter account? Imagine that, only you’re Ashton.

With all of that being said, is there any way to keep your data safe and still partake in online dating?

A Few Privacy Tips for Online Daters

• Read the privacy policy of whatever dating website you intend to use to see what their policy is regarding data deletion.


• Avoid using your name and use a disposable email address that’s dedicated solely to your online dating activities.


• Think twice before handing over your billing information to a dating site that calls for it. You may want to search for data breach history, user reviews, learn more about the security measures in place, etc.


• Double-check the settings within your profile to make sure you’re only visible to logged-in users.


• Consider using TinEye or Google Image Search to look for other instances of photos you intend on using in your dating profile before uploading them.


• Look into using a plugin like HTTPS Everywhere for Firefox to automatically change URLs from HTTP to HTTPS.

Do you have any other tips to help improve privacy for online daters? Share your thoughts below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Whitney Houston Fans Should Watch Out for Scams & Spam Related to Her Death

By now you’ve heard of the passing of legendary R&B/Pop singer, Whitney Houston.

Social networking sites like Twitter and Facebook lit up on Saturday as users shared stories on how her music impacted their life, posted their condolences to the family, and prayed she rest in peace.

While many were  paying their virtual respect to the deceased star, cybercriminals took advantage of the buzz in order to direct traffic to their survey scams and data mining websites.

Security experts over at TrendMicro warned about a survey scam circulating on Facebook that’s drawing it’s victims in by using a fake video as bait.

Whitney Houston Death Video Exclusive
We all love Whitney Houston. Here is a video before she dies.

When users click the link, they’re redirected multiple times before finally landing on the third-party website that asks you to divulge personal information in exchange for a prize (iPhone, Wal-Mart gift card, etc.).

Not wanting to stop there, cybercrooks also launched a spam campaign on Twitter that involved a blog post dedicated to the singer that the cybercrooks rigged to automatically redirect visitors to another site offering Whitney Houston wallpapers and ringtones.

At some point during that site visit, users would then be redirected to another survey site that asked users for their mobile phone number.

TrendMicro created this diagram that illustrates the hoops unsuspecting users are shoved through in the Twitter scam:

Image Credit: TrendMicro

Whitney Houston Fans Should Beware of Future Scams

There’s a very good chance that additional scams will pop-up as the story develops and more information regarding her passing is released to the public.

Following Steve Jobs’ passing, cybercrooks launched a series of spam/scam campaigns that ranged from free iPad giveaways on Facebook to spam emails claiming Steve Jobs was still alive. They even made up a fake charity fund (promoted via spam) to steal money from adoring fans.

Users should remain vigilant when following links posted on social networks or shared in unsolicited emails. Try to stick to well-known and reputable media outlets to make sure you get the best information and to minimize your chances of walking straight into a cybercrook's trap.

Cybercriminals will be doing their best to catch people off-guard by tapping into their curiosity regarding the lives of our favorite celebrities in order to collect personal information, get users to complete surveys or cheat them out of their hard-earned cash.

Stay on guard, folks and R.I.P Whitney Houston!

Photo of Whitney Houston Credit: Wikipedia

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: HP Folio Ultrabook for $966, plus shipping!

This offer expired on February 17th, 2012. Check the top banner ad for our current deal.

Incredibly thin, extremely light and offering up to 9 hours of battery life, the HP Folio is perfect for business professionals who are constantly on-the-go and need an ultrabook that's not only easy to travel with, but powerful enough to take on any task.

The HP Folio was named PCMag Editor's Choice for Ultrabooks.

For a limited time, you can order a brand new HP Folio Ultrabook from Hyphenet for only $966, plus taxes and shipping! Call Hyphenet at (619) 325-0990 to order your HP Folio Ultrabook today!

Specifications for the HP Folio Ultrabook

MFR#		B2A32UT#ABA
Display		13.3" LED Widescreen 1366 x 768 WXGA Display
Processor		Intel Core i5 i5 1.6GHz
RAM		4 GB DDR3 SDRAM - 1333MHz
Hard Drive		128 GB SSD
Graphics Processor		Intel HD Graphics 3000
Networking		Gigabit Ethernet, WLAN : 802.11 a/b/g/n, Bluetooth 3.0
Operating System		Windows 7 Pro 64-bit
Optical Drive		None.
Warranty		Limited 1-year warranty.

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your HP Folio Ultrabook today!

Buy of the Week offer valid through February 17th, 2012

Do You Know Who Your Online Enemies Are? [INFOGRAPHIC]

Do you know who the bad guys are in your virtual neighborhood and what their MO is?

Sure, you may be well versed in dealing with spammers that flood your inbox with pharmaceutical or Rolex replica themed messages, phishers that send spoofed emails in order to steal your personal information, or maybe even social media scammers that bring the “fun” to your social networking accounts by sending you links to survey scams, malicious videos, or whatever other junk they could dish up.

But there are a few other miscreants that you’ve forgotten about – Malvertisers, FakeAV Creators and App Trojanizers. Do you know what their MO is?

Thankfully, TrendLabs has created an infographic that illustrates the threats these virtual criminals produce and provide insight to how much they make from stolen data. Check it out:



 

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Trojan "In-the-Wild" Exploits Patched Microsoft Office Vulnerability

Once again, we’re being reminded how important it is to keep your computer’s operating system current with the latest updates and patches.

If you don’t, you may find yourself in hot water when you encounter an attack that exploits a vulnerability that wouldn’t have otherwise existed.

Researchers over at Symantec stumbled across a targeted attack that attempts to exploit a Microsoft Office vulnerability that Microsoft issued a patch for back in September (see security bulletin MS11-073).

In the attack, the victim would receive a zip file – typically named “report.zip” – via email containing two files: a Word document and a DLL file, “ftputlsat.dll.” It’s a rather interesting combination given that DLL files are rarely sent by email and the malicious DLL file carries the same name of a legitimate file that’s used for the Microsoft Office FrontPage Client Utility Library.

Image Credit: Symantec

When executed, Symantec’s researchers found that the exploit makes use of an ActiveX control embedded in the Word doc.

“When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library.” Joji Hamada explained in a blog post published on Thursday, “If the exploit is successful, malware is dropped onto the system.”

Once the attack has been carried out, the fputlsat.dll file is replaced with “Thumbs.db”, which is commonly created by Windows when thumbnail view is used and is typically hidden from view.

Symantec identifies the Word doc used in this attack as "Trojan.Activehijack."

Don't Leave Your System Vulnerable - Update Your OS!

To avoid being hit by this attack, users are advised to:

• Be wary of emails that contain DLL files. (Do not download or open files coming from an unknown/untrusted sender).


• Keep their system patched and protected with OS updates.


• Always run antivirus software and make sure the virus definitions are current.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Google: We'll Pay You $25 If You Let Us Track Everything You Do

Have you been sitting back, wondering when companies will start paying YOU for your personal data and browsing habits?

The day has finally arrived! And who better to pony up the dough than the one company that likely has the most user data of them all (and recently announced their intent to share it across all of their services)?

Yes, I’m referring to none other than Google.

The search engine giant has started a new project called “Screenwise” that involves panelists who agree to install a browser extension that will share all of the sites you visit – and how you use them – with them.  That, in turn, will help Google improve their products and services to “make a better online experience for everyone.”

So what is Google looking to pay for users who agree to this?  A maximum of $25 per year, depending on how long you keep it installed:

Up to $25 in gift cards. Our panel management partner, Knowledge Networks, will give you a $5 Amazon.com Gift Card code instantly when you sign up and download the Google Screenwise browser extension.¹ Then you’ll get additional $5 Amazon.com Gift Card codes every three months for staying with it.² It's our way of saying "Thank you."

It seems that a lot of people were open to the idea of being paid for their browsing data too.

Even though Google only launched the Screenwise project on Tuesday, they’ve already reached the number of panelists they were hoping for and the option to sign-up for it has been replaced by the following message:

We appreciate and are overwhelmed by your interest at the moment. Please come back later for more details.

Were you one of the users that signed up for Screenwise? What do you think about the Screenwise project? Share your thoughts below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Photo Credit: L_K_M

New "UPS Notification" Spam Making Rounds

Did you recently ship a package via UPS?

Spammers are placing their bets that you have and that you won’t think twice before following the instructions within the email, ultimately pave the way for malware to make its way onto your PC.

The spam emails come from a spoofed “United Parcel Service” email address (0511notify@ups.com) and claim that your package was rejected at the place of delivery.

Like the malicious FedEx spam campaign we saw last year, the email totes an alleged “delivery sticker” – or, in the FedEx spam case, a “shipment label” – that’s in the “UPS document.zip” file attached to the email. Your job is to download it, open it and present it to your local UPS office.

Bear in mind, folks, that’s no delivery sticker. It’s malware.

Here’s the email:

Subject: UPS notification
From: United Parcel Service (0511notify@ups.com)

Dear Customer,

This is a follow-up on your package delivery (tracking number 0p2uYq5RIho). The package contained in the above-mentioned shipment was not accepted at the destination address. Please contact your local UPS office and produce the printed delivery sticker, included in this email attachment.

Please note that in case of a failure to contact your local UPS office within 21 days the parcel will be returned to sender.

Happy to serve you,
UPS.com

This is automatically generated delivery status email, please do to reply to it.

Fortunately, the spammers behind this email didn’t do a very good job addressing the bogus UPS notification email to their mailing list of victim. The fact that this email is a fake becomes rather obvious once you look at the unfamiliar email address listed in the ‘To’ field, along with the 21 additional email addresses that are copied on it!

If you receive this email – or one similar to it – it would be in the best interest of your computer’s health not to open it. Instead, hit the ‘delete’ button and go about your day.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Extortion or Bribery? Story Behind Symantec Source Code Leak Gets a Little Weirder

Just when you thought the story behind the stolen Symantec source code hit the ultimate level of crazy, the bar gets raised a little higher.

On Monday, an email thread posted on Pastebin revealed that a hacker named Yamatough attempted to extort $50,000 from Symantec to prevent the release of stolen source code; however, the following day, Anonymous took to Twitter to say that the hacker(s) didn’t try to extort Symantec, but Symantec tried to bribe the hackers!

https://twitter.com/#!/YourAnonNews/status/166898121341804544

As if that statement isn’t mind boggling enough, a tweet by AnonymousIRC seems to backtrack on the idea of bribery and favor the extortion attempt by saying that Symantec got trolled and that the code was always destined for a public release:

https://twitter.com/#!/AnonymousIRC/status/166957537676099585

So, which is it?

Did Yamatough offer to settle the score without releasing the stolen source code for a cool $50k or was it Symantec that originally stepped up and dangled the green in front of the hacker in hopes of shutting them up?

Whatever the case may be, the source code for pcAnywhere has been released and the hackers are still sitting on the source code for other Symantec products.

Users who depend on Symantec’s antivirus and security products for protection should seriously consider switching vendors to avoid being hit by a 0-day exploit thanks to the release of Symantec source code.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Anonymous Posts pcAnywhere Source Code on Pirate Bay After Failed Extortion Attempt

It looks like the hackers that lifted source code from Symantec’s servers back in 2006 have kept their promise to release the stolen source code to the public.

According to an email exchange posted on Pastebin on Monday, a hacker going by the handle “Yamatough” had been communicating with a purported Symantec employee by the name of Sam Thomas in hopes of getting a $50,000 payday as long as he agreed not to release the stolen pcAnywhere and Norton Antivirus source code.

Unfortunately, negotiations that started back in mid-January eventually broke down and Yamatough fired off his final threat to release the source code if Symantec didn’t agree to hand over 50 grand within 10 minutes:

Since no code yet being released and our email communication wasn’t also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it

Thomas replied, saying they couldn’t make a decision in 10 minutes and more time was needed.

Shortly thereafter, Yamatough took to Twitter to apologize to his followers for his silence, filled them in on the offer from Symantec and said the stolen source code was up for sale.

The AnonymousIRC channel helped get the word out by tweeting that the stolen Symantec source code would be published soon:

https://twitter.com/#!/AnonymousIRC/status/166676746689716226

Hours later, a 1.27GB RAR file named "Symantec's pcAnywhere Leaked Source Code" appeared on PirateBay and @AnonymousIRC  posted a tweet advertising the link:

https://twitter.com/#!/anonymousirc/status/166744502315388930

What's Symantec's Response?

Symantec has confirmed the extortion attempt and released the following statement:

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Update 2:22 PM: Symantec has also confirmed that the pcAnywhere source code posted on Pirate Bay is legitimate:

We can confirm that the source code is legitimate. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks.

Photo Credit: zodman

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Fake Twitter DM Notification Email Links to Pharmaceutical Site

So you received an email saying you got a new direct message on Twitter, but is it real?

It may not be.

Spammers are now sending out bogus Twitter DM notification emails in order to direct traffic to pharmaceutical websites.

In order to yield the highest click-through rates, spammers took the time to make sure the fraudulent Twitter notification emails closely resemble legitimate ones.

The fake Twitter emails use the same layout, link directly to the images used in the real emails, lack the typical grammar mistakes featured in spam (obviously since the content was copied and pasted from genuine emails) and come from a spoofed Twitter email address (@postmaster.twitter.com).

Of course, all of the links within the spam version link to a pharmacy website instead of Twitter, but by the time the average user realizes that the site would already be loaded in their browser.

How do you know if you’re looking at a fake Twitter DM notification email?

Aside from hovering your mouse over the link to check the real destination URL, one way to tell the real apart from the fake is to check whether or not your Twitter handle is mentioned in the email.

The real notification email from Twitter reads:

Direct message sent by Kevin Cook (@KevinCook) to you (@yourtwittername)..

Obviously the spammer doesn’t know who you are on Twitter, so they’ll use what information they DO have, which is your email address:

Direct message sent by Kevin Cook (@KevinCook) to you (your@email.com)..

FAKE Twitter DM Email (SPAM)	REAL Twitter DM Email

To avoid falling for this Twitter DM spam campaign, users should:

• Type the targeted website directly into the browser versus clicking links or, at the very least, hover over links to check the destination URL before clicking them.


• Make sure their email client is protected by a comprehensive spam and malware filter.


• Always remain vigilant when going through their email inbox and trusting their gut when something feels a bit "off".

Don’t miss out on the latest tech news and computer security alerts!  Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.