FBI: Beware of software updates on hotel connections

FBI: Beware of software updates on hotel connections

Summary: Cyber-criminals are using pop-up warnings on hotel connections to plant malware on computers.

SHARE:

Road warriors beware: Cyber-criminals are using pop-up alerts on hotel Internet connections to trick computer users into downloading malware.

According to to a warning from the FBI's Internet Crime Complaint Center (IC3), the pop-up lures are appearing while users are establishing an Internet connection in their hotel rooms.

"In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available," the IC3 said.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad.

As I wrote in the 10 little things to secure your online presence article, computer users who log on to public networks should get into the habit of using a VPN to encrypt web sessions and keep private data out of the hands of hackers.

Topics: CXO, Browser, Government, Government US, Software, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • So, was this a JAVA update scam?

    "widely-used software product" ? Anyone know?
    droidfromsd
    • @droidfromsd

      I was thinking adobe flash, but it could be Java as well.
      rustgeun
      • Um

        It could be ANY platform. And it's easiest to trick the user into giving up details or downloading a platform-specific payload.

        The current fad is blaming some plug-in, but - in reality - it's tricking the end user that counts the most.
        HypnoToad72
    • Flash, Acrobat, Java, Windows, Word...

      there are plenty of possibilities...
      HypnoToad72
  • *cough flash cough*

    ive seen it
    Scarface Claw
  • I never use hotel internet

    I carry my datacard always. I never trusted Hotel, Airport, coffee shops or any other free internets.
    Ram U
  • Bookmark

    This is the kind of useful tech article that I bookmark. For later reference to it and the two valuable links. Also to pass this savvy info onto certain others.
    PreachJohn
    • A TECH article?

      Useful, yes, any reminder is useful, when the zone of the maximum risk known it is double useful. But tech? If I can present any dialogs to you, whose computer is it already? There is no explanation of what is done to a hotel network, the article is anything but technical.
      gak@...
      • The original is no better.

        Unfortunately the original article at ic3.gov doesn't seem to provide any more data. The description, "In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window" makes me suspect the hotel's own ISP is compromised, or perhaps the actual source of the malware. If the popup happened after the user had established internet service, I'd wonder whether somebody was carrying out some sort of DNS redirection.
        RoverDaddy
      • +1 Up By Mistake

        Meant it for RoverDaddy.
        PreachJohn