Travel Technology - FBI warns globe trotters about malware lurking in hotel room connections
cordelli
May 9, 12, 10:47 am
From http://www.infosecurity-magazine.com/view/25671/fbi-warns-globe-trotters-about-malware-lurking-in-hotel-room-connections
and being picked up by others
The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.
The malware is downloaded when users try to update software while using their hotel’s internet connection, according to an intelligence note by the US Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
Just a heads up for those who may have seen strange messages in the past, may want to make sure your defenses are up to date.
accrue450
May 9, 12, 10:59 am
Once connected to the internet, users receive a pop-up window that notifies them that a widely used software product needs to be updated. If they click to download the update, malware is installed instead.
I wish the article described more in detail what this pop-up window looked like. If it shows up in a browser, this would be a non-issue as anyone familiar with computers would not bother clicking on it. If it shows up similar to the standard Adobe or Java updates, that might be more of a problem. I find that highly unlikely though, since they are software based and not browser based. My bet is that this is based on a browser pop up, thus making this less scary for more experienced web users.
Dubai Stu
May 9, 12, 3:38 pm
What if you redirected the IP address of something like update.microsoft.com and redirected it to a bogus server some places pretending to be a Windows update server?
Global_Hi_Flyer
May 9, 12, 5:39 pm
What if you redirected the IP address of something like update.microsoft.com and redirected it to a bogus server some places pretending to be a Windows update server?
Easy enough to do with a man-in-the-middle attack. This is one reason I prefer wired connections at hotels, and a reason I've taken to routing all my traffic through a VPN when operating on an unknown network. No VPN authentication? I use a MiFi or just outright don't surf.
cordelli
May 10, 12, 8:46 am
There have been several stories about it wondering why the FBI did not identify the countries, the software product being spoofed, etc. It sounds like people are presented with some type of upgrade window for a security product and when they click to update it infects them.
I can easily see it happening, you connect to what you think is the hotel wireless, and you get a popup saying something like
To use this connection you must update your Microsoft Security Essentials (or McAfee, or Nortons, or one of the majors) with the right logo and people will say OK, must do that.
What the FBI didn't tell us about the hotel malware threat (http://nakedsecurity.sophos.com/2012/05/10/fbi-hotel-malware-threat/) from the Sophos antivirus people where they take it line by line
LIH Prem
May 10, 12, 10:32 pm
I bet it's Adobe Flash (or any Adobe product). But it could be anything.
-David
I hardly ever update my laptop on the road. When in hotels I do prefer to use a MS VPN back to my home office.
Braindrain
May 11, 12, 5:01 pm
With often super crappy hotel internet speeds, I never update my software on the road.
Also, all updates are controlled by my Corp IT folks, anyways. :D
Dexterity
May 14, 12, 2:25 pm
This is very scary!
... individuals who travel abroad ... So that would include me when I travel to the US? :p
The Sophos link already poses the credibility question. The FBI story looks like just another don't-trust-furriners item. It's always a good idea to be wary of downloading updates wherever you are. @:-)
And why the FBI? Isn't that a Federal organization (clue in the name ;)) busy in the US? Why not other agencies with responsibilities outside the US such as the CIA, State Department or whatever? [Shhh! Verging on to OMNI/PR territory ...]
Global_Hi_Flyer
May 15, 12, 7:19 am
We just got a corporate warning about this. The hand-wringing notice stated "any hotel, domestic or international". I expect further computer lock-downs shortly.
That said, something like this is easy to accomplish in either a US hotel or in other countries.
Janus
May 16, 12, 12:35 pm
There have been several stories about it wondering why the FBI did not identify the countries, the software product being spoofed, etc. It sounds like people are presented with some type of upgrade window for a security product and when they click to update it infects them.
I wish the article described more in detail what this pop-up window looked like. If it shows up in a browser, this would be a non-issue as anyone familiar with computers would not bother clicking on it.
No real point in providing details, it's easy to change the message from "Pending Windows Update" to "Pending Flash Update". I’ve seen plenty of popup windows that look very convincing and could easily trick any novice user. As for location, there are bad people in every country (including the US). So everyone (including Mac and Linux users) needs to be careful whenever they are online. Especially when using a public/open/free internet connection.
What if you redirected the IP address of something like update.microsoft.com and redirected it to a bogus server some places pretending to be a Windows update server?
Virtually all OSes and browsers prevent this type of attack through a combination of encryption and digital signatures. The real risks are pop-ups and browser exploits.
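An added illustration, not part of the thread or of any vendor's updater: the signature check discussed in the exchange above, showing why a redirected update host alone is not enough to get a payload installed. The key pair, payloads and the `genuine`/`redirected` servers are constructed for the example.

```javascript
// Added illustration; keys, payloads and server names are constructed.
const nodeCrypto = require('node:crypto');

// Vendor side: the private key stays on the vendor's build system.
const vendor = nodeCrypto.generateKeyPairSync('ed25519');
// Client side: the matching public key ships inside the installed product.
const PINNED_PUBLIC_KEY = vendor.publicKey;

// Package a payload with a detached Ed25519 signature.
function publish(payload, signingKey) {
  const body = Buffer.from(payload);
  return { body, signature: nodeCrypto.sign(null, body, signingKey) };
}

// Two servers that could answer for the same update hostname. The second one
// stands in for a bogus host reached through DNS redirection; it has to sign
// with its own key because it does not hold the vendor's.
const otherKey = nodeCrypto.generateKeyPairSync('ed25519').privateKey;
const SERVERS = {
  genuine: publish('update-1.2.3 (constructed payload)', vendor.privateKey),
  redirected: publish('substituted installer (constructed payload)', otherKey),
};

// Update client: it does not matter which server the network delivered;
// the payload is installed only if it verifies against the pinned key.
function checkUpdate(response) {
  const ok = nodeCrypto.verify(null, response.body, PINNED_PUBLIC_KEY, response.signature);
  return ok ? 'install' : 'reject';
}

// A genuine signature re-attached to modified bytes must also fail.
function tamper(response) {
  const body = Buffer.from(response.body);
  body[0] ^= 0x01;
  return { body, signature: response.signature };
}

function demo() {
  return {
    genuine: checkUpdate(SERVERS.genuine),
    redirected: checkUpdate(SERVERS.redirected),
    tampered: checkUpdate(tamper(SERVERS.genuine)),
  };
}

console.log(demo());
```

The check only covers updates fetched by the product's own updater; an installer a user downloads from a pop-up never passes through it.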
FliesCasually
May 18, 12, 7:49 pm
My ASUS travel router went wacky on my last trip. Its IP addr changed, and the login screen became a generic web server error page. The "reset to defaults button" seemed to remedy it, but I still intend to reload the firmware before next use.
I decided maybe I shouldn't use admin/admin as its login anymore....