Expedia Hoax
Dec 25, 2009, 8:08 pm
#1
Original Poster
Join Date: Oct 2003
Location: Traveling the World
Posts: 6,072
Expedia Hoax
Last night I was looking up information on cruise prices and the website automatically loaded a message saying that my computer was infected and an automatic virus scan window popped up. Now mind you I am using Firefox have a good virus scan and Firewall protected. I was very livid that this happened. Another friend confirmed this too. I sent off an email to Expedia hoping that they will offer me some type of compensation for my inconvenience.
I spent the holidays backing up my data and doing virus scans. I talked with an IT friend of mine who said that it was on their end because it never happened on my end until I went to Expedia and other people that I spoke to had the same problem with the latest virus scan.
I was a potential customer but was left with a sour feel after this. Firefox is really good about keeping these websites away from my computer and I have the popup blocker enabled. I never use IE.
Has anyone here had an issue these past few days? If Expedia was taken over by a hacker then it is their IT departments responsibility to take down the website and inform their customers what is going on. The thing I was afraid of is that if I entered my credit card online it would not be secure.
I always run Adware to get rid of Spyware.
I asked for compensation for my troubles and clearly they need to take responsibility as I am doing my part by keeping my computer up to date.
I spent the holidays backing up my data and doing virus scans. I talked with an IT friend of mine who said that it was on their end because it never happened on my end until I went to Expedia and other people that I spoke to had the same problem with the latest virus scan.
I was a potential customer but was left with a sour feel after this. Firefox is really good about keeping these websites away from my computer and I have the popup blocker enabled. I never use IE.
Has anyone here had an issue these past few days? If Expedia was taken over by a hacker then it is their IT departments responsibility to take down the website and inform their customers what is going on. The thing I was afraid of is that if I entered my credit card online it would not be secure.
I always run Adware to get rid of Spyware.
I asked for compensation for my troubles and clearly they need to take responsibility as I am doing my part by keeping my computer up to date.
Dec 26, 2009, 11:45 pm
#3
Join Date: Dec 2009
Posts: 29
I just got the same nastiness on expedia's site. Very disturbing, but i don't think any harm was done.
The script takes maximizes the firefox window to fullscreen and simulates Windows Explorer. It would definitely throw people for a loop if they didn't know what was going on.
It also tried to launch an .exe, so be careful.
The script takes maximizes the firefox window to fullscreen and simulates Windows Explorer. It would definitely throw people for a loop if they didn't know what was going on.
It also tried to launch an .exe, so be careful.
Dec 27, 2009, 1:44 am
#4
Original Poster
Join Date: Oct 2003
Location: Traveling the World
Posts: 6,072
Thanks for confirming
I wrote to Expedia and waiting for a response. I feel that it is their responsibility to look into this. I am doing my part by keeping my system updated with Virus scan and Spyware. Since it opens an exe this is very disturbing even if it may not do anything one can never be too sure in these days.
I was a potential customer as explained in my email. I asked for compensation because of hours spent. When you see an automatic exe file open that looks like Windows Explorer you should be scared. God forbid if someone stole my identity. Expedia says that the will never ask for passwords. That I know but if a hacker is taking over their website then there is a problem.
I think Expedia should take down their webstie and inform their customers to the situation.
I will pursue this to the fullest extent possible. If Expedia refuses to compensate me then I will pursue it until they do. I am taking no for an answer because how do I know my computer was compromised by an outside source.
This is a reason why Outsourcing can be bad as they are not working as a team to look at hacks to their website. If I was the webmaster I would take down the website until the hoax was cleared. I am surprised no other customers have complained or did they and I just don't know about it.
I was a potential customer as explained in my email. I asked for compensation because of hours spent. When you see an automatic exe file open that looks like Windows Explorer you should be scared. God forbid if someone stole my identity. Expedia says that the will never ask for passwords. That I know but if a hacker is taking over their website then there is a problem.
I think Expedia should take down their webstie and inform their customers to the situation.
I will pursue this to the fullest extent possible. If Expedia refuses to compensate me then I will pursue it until they do. I am taking no for an answer because how do I know my computer was compromised by an outside source.
This is a reason why Outsourcing can be bad as they are not working as a team to look at hacks to their website. If I was the webmaster I would take down the website until the hoax was cleared. I am surprised no other customers have complained or did they and I just don't know about it.
Dec 27, 2009, 3:30 pm
#5
Join Date: Jan 2009
Posts: 109
I got that the other day too. Wasn't sure if it was Expedia or another site, since I had a couple windows open, but figure now it was probably Expedia. It pops up every week or so on various sites and my wife saw it a couple days ago on her laptop too.
It seems to be just a fake pop-up window that has an animated image which is supposed to look like your virus scanner is finding viruses (even though it doesn't actually say it's AVG, it has a similar-looking fake logo), and a smaller pop-up which asks if you want to perform some action. Uh, no thanks. I figure that's where the real virus would come from if you said OK.
I just X out of all of it, clean out cookies with ccleaner in case it dropped some, and go on. My real virus scanner never shows anything and I've never had any other problems. My wife's laptop got caught in an endless loop of Xing out of the popups and the popups re-occuring, but she restarted and that ended it. Nothing in her real virus scanner either.
I don't know if a pop-up blocker would prevent it from showing, but I need to do some stuff that requires popups and it's easier just to leave them turned on all the time.
It seems to be just a fake pop-up window that has an animated image which is supposed to look like your virus scanner is finding viruses (even though it doesn't actually say it's AVG, it has a similar-looking fake logo), and a smaller pop-up which asks if you want to perform some action. Uh, no thanks. I figure that's where the real virus would come from if you said OK.
I just X out of all of it, clean out cookies with ccleaner in case it dropped some, and go on. My real virus scanner never shows anything and I've never had any other problems. My wife's laptop got caught in an endless loop of Xing out of the popups and the popups re-occuring, but she restarted and that ended it. Nothing in her real virus scanner either.
I don't know if a pop-up blocker would prevent it from showing, but I need to do some stuff that requires popups and it's easier just to leave them turned on all the time.
Dec 27, 2009, 3:53 pm
#6
Join Date: Apr 2009
Location: Snooky
Posts: 2,508
Yesterday it hit me too. Scared the sh** outta me at first. It wanted me to download something to fix the virus attack. You were stuck on that page until you did. Control-Alt-Delete & restart, everything's OK. Searching for spyware, cookies, trojans, or registry problems - nada. I'm still a little nervous. Might go the system restore route before I do any banking. wj
Dec 27, 2009, 4:04 pm
#7
Join Date: Feb 2007
Location: was ARN now BER
Programs: No travel, no cards. :(
Posts: 333
Same thing happened to my daughter a little over a week ago at a different travel site. She, unfortunately, clicked the box to run the scan.
It took about 2 hours total to reset her system and run all the appropriate scans, but she is now in a position to advise her friends - and did exactly that about an hour ago with her best friend trying to continue where they'd left off in planning a short getaway for New Year's.
Annoying, but fixable.
It took about 2 hours total to reset her system and run all the appropriate scans, but she is now in a position to advise her friends - and did exactly that about an hour ago with her best friend trying to continue where they'd left off in planning a short getaway for New Year's.
Annoying, but fixable.
Dec 30, 2009, 6:35 pm
#9
Join Date: Nov 2002
Location: Colorado
Posts: 251
I guess I'm glad to see that other folks have been having the same problem with Expedia. I spent quite a few hours trying to find a browser hijacker on my computer, but never did find anything.
I'm surprised there hasn't been a big uproar on the internet about it.
I'm surprised there hasn't been a big uproar on the internet about it.
Jan 9, 2010, 1:27 pm
#11
Join Date: Jul 2008
Programs: I am a lowly ant
Posts: 1,751
Make sure your browser is in PROTECTED MODE (or just don't use Internet Explorer).
I downloaded the script and analysed and sent it to MS, and they neither responded nor fixed it.
Usually what happens is that some website has a rogue advertiser that inserts the bad code into their ad, or simply triggers a pop-up to a page with the bad script.
The hackers I guess have figured that these fake spyware scanners installed via a trojan/virus/vulnerability are more lucrative than stealing your personal data (or maybe they do that as well).
I do not believe that this happened because of expedia, more likely the situation is there is a gaping hole in the Internet Explorer security and more and more websites are trying to exploit it (maybe you have been to a cookery website or someone's blog, and they signed up with an ad agency that took one of these trojans (usually by accident on the part of the ad agency)). The install is very discrete, they use a hidden window positioned off screen, and the common denominator between readers of this site is often going to be expeida, but I very much doubt it is them - it is just that this trojan is very widespread right now, and people will get infected by coincidence around the same time they are at expedia.
PS. Can someone move this thread to the the travel tech board, it doesn't belong here, and is essentially libellous to expedia.
I downloaded the script and analysed and sent it to MS, and they neither responded nor fixed it.
Usually what happens is that some website has a rogue advertiser that inserts the bad code into their ad, or simply triggers a pop-up to a page with the bad script.
The hackers I guess have figured that these fake spyware scanners installed via a trojan/virus/vulnerability are more lucrative than stealing your personal data (or maybe they do that as well).
I do not believe that this happened because of expedia, more likely the situation is there is a gaping hole in the Internet Explorer security and more and more websites are trying to exploit it (maybe you have been to a cookery website or someone's blog, and they signed up with an ad agency that took one of these trojans (usually by accident on the part of the ad agency)). The install is very discrete, they use a hidden window positioned off screen, and the common denominator between readers of this site is often going to be expeida, but I very much doubt it is them - it is just that this trojan is very widespread right now, and people will get infected by coincidence around the same time they are at expedia.
PS. Can someone move this thread to the the travel tech board, it doesn't belong here, and is essentially libellous to expedia.
Jan 14, 2010, 3:06 am
#13
FlyerTalk Evangelist
Join Date: Nov 1999
Programs: FB Silver going for Gold
Posts: 21,801
If using Firefox, there are ways to block the ads (not supposed to mention them here IIRC), block Flash, and prevent scripts not relevant to the website from running so you never see them, among many other annoyances. Might want to turn off Java as an additional precaution.
See: http://www.flyertalk.com/forum/trave...-websites.html
See: http://www.flyertalk.com/forum/trave...-websites.html