FBI Warning: Don't Update Software on the Road
May 09, 2012 3:43 PM EST
By Fahmida Y. Rashid
The
Federal Bureau of Investigation is warning travelers to watch out for
fake and malicious software update messages when connecting to the
wireless network at their hotels.
Masquerading
as a software update to "widely-used software," the malware displays a
pop-up window when the guest tries to connect to the hotel's wireless
network, the Internet Crime Complaint Center warned in an Intelligence
Note on May 8. Most hotels require a guest to open a Web browser and
login, or accept the terms of service, before allowing the guest to
connect to the wireless network.
It appears
that cyber-criminals found a way to inject themselves into this
connection process. The IC3 did not specify whether the hotel website
had been hacked or if the criminals were using other techniques. The
Intelligence Note also did not specify the name of software being
spoofed by the malware or the countries in which these attacks had been
observed.
"The FBI recommends that all
government, private industry, and academic personnel who travel abroad
take extra caution before updating software products on their hotel
Internet connection," the IC3 said in the warning.
IC3
is a partnership between the FBI and the National White Collar Crime
Center and regularly releases Intelligence Notes to warn Internet users
about cyber-security threats. Anyone who may have encountered this type
of attack is encouraged to promptly report it to the local FBI office,
IC3 said.
How to be Safe
The FBI
recommended that travelers perform all software updates before traveling
and to avoid downloading any updates while on the road. If it's
necessary to run an update, the user should navigate directly to the
vendor's website to download the latest files instead of clicking on
pop-up windows, according to the warning.
Just
before leaving, users should make sure the antivirus and security
software is up-to-date and that the latest patches for the operating
system and applications have been applied, according to Stephen Cobb, a
security evangelist at ESET. A full backup of the laptop wouldn't be a
bad idea, either.
Users should be just as
careful on any public Wi-Fi network and ignore software update requests
on those networks, according to the Mac security experts at Intego.
Malware Targeting Hotels
While
it isn't explicitly stated, the FBI warning is a reminder that
industrial espionage when traveling abroad is a serious threat. Many
executives and business travelers have reported being infected by
information-stealing malware that targeted corporate and sensitive
information on their laptops.
Industrial
espionage is not the only threat, as cyber-criminals are finding hotels a
lucrative target. Less than a month ago, security researchers from
Trusteer publicized a remote access Trojan (RAT) attack in which malware
infected point-of-sale computer systems at hotel front desks. The
malware stole credit card and other customer information by capturing
screenshots of the hotel application. Trusteer claimed the malware was
being sold in underground forums for a mere $280 as part of a kit which
included support, setup instructions, and social engineering tips.
No comments:
Post a Comment