10 May 2012

FBI Warns Travelers Against Malware that Checks into Hotels

The FBI warns travelers about phony software updates that users see when logging on to some hotel systems. The pop up windows advising users to download a software update are actually a form of infecting guests’ laptops with malware.

“If the user clicked to accept and install the update, malicious software was installed on the laptop,” the FBI intelligence note read. “The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.”

The agency didn’t give details about the type of malware installed, the reasons behind the attack, nor the countries in which these attacks had been noticed. It recommended travelers update their laptops before traveling, or download software updates directly from the software vendor’s web site if updates are necessary while abroad.

Though the FBI mentioned this kind of hotel e-threat happens “abroad”, security specialists warned that hotels in the US are also at risk. The industry proved it has many security vulnerabilities that can easily be exploited by cyber crooks. Recently, a JavaScript was inserted into websites visited through the hotel Wi-Fi connection to push advertisements. This breach was harmless, but others have already been used for stealing costumer data.

Less than a month ago, a Trojan sneaked into hotel front desks and feasted on credit card information. The malware was sold in underground forums for $280, the offer including tips and tricks about luring hotel managers into installing the program.