FBI Warning: Don't Update Software on the Road
May 09, 2012 3:43 PM EST
By Fahmida Y. Rashid
The Federal Bureau of Investigation is warning travelers to watch out for fake and malicious software update messages when connecting to the wireless network at their hotels.
Masquerading as a software update to "widely-used software," the malware displays a pop-up window when the guest tries to connect to the hotel's wireless network, the Internet Crime Complaint Center warned in an Intelligence Note on May 8. Most hotels require a guest to open a Web browser and login, or accept the terms of service, before allowing the guest to connect to the wireless network.
It appears that cyber-criminals found a way to inject themselves into this connection process. The IC3 did not specify whether the hotel website had been hacked or if the criminals were using other techniques. The Intelligence Note also did not specify the name of software being spoofed by the malware or the countries in which these attacks had been observed.
"The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection," the IC3 said in the warning.
IC3 is a partnership between the FBI and the National White Collar Crime Center and regularly releases Intelligence Notes to warn Internet users about cyber-security threats. Anyone who may have encountered this type of attack is encouraged to promptly report it to the local FBI office, IC3 said.
How to be Safe
The FBI recommended that travelers perform all software updates before traveling and to avoid downloading any updates while on the road. If it's necessary to run an update, the user should navigate directly to the vendor's website to download the latest files instead of clicking on pop-up windows, according to the warning.
Just before leaving, users should make sure the antivirus and security software is up-to-date and that the latest patches for the operating system and applications have been applied, according to Stephen Cobb, a security evangelist at ESET. A full backup of the laptop wouldn't be a bad idea, either.
Users should be just as careful on any public Wi-Fi network and ignore software update requests on those networks, according to the Mac security experts at Intego.
Malware Targeting Hotels
While it isn't explicitly stated, the FBI warning is a reminder that industrial espionage when traveling abroad is a serious threat. Many executives and business travelers have reported being infected by information-stealing malware that targeted corporate and sensitive information on their laptops.
Industrial espionage is not the only threat, as cyber-criminals are finding hotels a lucrative target. Less than a month ago, security researchers from Trusteer publicized a remote access Trojan (RAT) attack in which malware infected point-of-sale computer systems at hotel front desks. The malware stole credit card and other customer information by capturing screenshots of the hotel application. Trusteer claimed the malware was being sold in underground forums for a mere $280 as part of a kit which included support, setup instructions, and social engineering tips.