Hotel internet connections distributing malware, warns FBI

Travellers are tricked into downloading malicious software after logging onto a hotel Internet connection

The FBI has warned travellers there has been an uptick in malicious software infecting laptops and other devices linked to hotel internet connections.

The FBI wasn't specific about any particular hotel chain, nor the software involved, but said: "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while they are establishing an internet connection in their hotel rooms.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travellers perform software updates on laptops immediately before travelling, and that they download software updates directly from the software vendor's website if updates are necessary while abroad."

The FBI said typically travellers attempting to set up a hotel room internet connection were presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The warning was issued through the FBI's partnership with the Internet Crime Complaint Center (IC3) and comes on the heels of a number of other warnings such as:

Investment scam

The IC3 continues to receive complaints involving subjects who have obtained the names and Social Security numbers of individuals for illegal purposes. Subjects use the information to defraud the US government by electronically submitting a fraudulent tax return to the Internal Revenue Service for a hefty refund. The prevalence of such complaints mirrors the recent surge in tax fraud cases involving identity theft.

The IRS also reported complaints of fraudsters incorporating the use of bogus IRS documents to perpetrate this scheme. "One example of how subjects are using bogus IRS documents to commit investment fraud and steal victims' identities is by the subjects posing as a tax consulting firm. The subjects engage potential victims via telephone and attempt to convince them to sell their underperforming shares in a company.

The potential victim is advised to sell their corporate shares, applicable taxes must be paid. Some of the victims were also advised they had to buy other certain shares with their profit. Documents such as share certificates and invoices for federal and state taxes were exchanged via email. After the funds were wired, the subjects became unresponsive to the victim's inquiries. An open source search also revealed multiple complaints concerning this scheme. It is unknown at this time how the subjects obtained knowledge that the victims actually owned underperforming stocks."

Blackhole exploit kit updated

According to the IC3, Blackhole is currently the most widely purchased exploit pack in the underground market. An exploit pack is a software toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash.

On 25 March 2012, the Blackhole Exploit Kit 1.2.3 was released, IC3 stated. This kit included the latest critical vulnerability in Java, allowing the bypassing of Java's sandbox environment. Java's sandbox is designed to provide security for downloading and running Java applications, while preventing them from accessing the hard drive or network. New malware samples appearing in the wild have been highly successful at exploiting this flaw, and it is estimated that at least 60% of Java users have not yet patched against it.

CPA malware

The IC3 reported an increase in unsolicited emails titled "BULK Termination of your CPA licence." One example of the many email addresses used was support@aicpa.org. The IC3 has also received complaints reporting this spam campaign. The emails were purportedly from The American Institute of Certified Public Accountants concerning a complaint filed against the recipient for filing fraudulent tax refunds for their clients. A link was provided for the recipient to view the complaint. Recipients were advised to provide feedback within a specific period of time and threatened with possible termination of their accountant licences if they failed to do so, the IC3 stated.
