Sign in with
Sign up | Sign in

FBI Warns of Malicious Hotspots, Evil Hotel Internet

By - Source: FBI | B 23 comments

The fact that hotel Internet connections are now being used as a malware gateway may not be as surprising as the fact that it took so long until this loophole was actively exploited.

The FBI is warning Americans that hackers are attempting to install malware on computers via the sign-in process commonly used by hotels. The problem apparently does not affect the U.S., but hotels abroad. During the log-in, travelers have reported additional pop-up windows that suggest the update of a "widely used" software for which "updates are frequently available".

Common sense suggest to be always careful with such update and download requests, especially if they are communicated via a pop-up window. Needless to say, there is no update, but downloaded and installed malware instead.

Those who were tricked into the download of the "update", are asked to immediately contact their local FBI office, and "promptly report it" to the IC3's website.

Display 23 Comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    Devoteicon , May 10, 2012 10:44 PM
    The posted to IC3's website is broken. You left out "v" at the end of ".gov".
Other Comments
  • -1 Hide
    __-_-_-__ , May 10, 2012 10:06 PM
    so stupid. why hotels? anyway can make a fake AP in 5min just by googling.
  • 1 Hide
    buzznut , May 10, 2012 10:27 PM
    Gullible people away from home and jonesin for the internet. People are accustomed to unsecured networks in hotels, airports, etc.
  • 11 Hide
    Devoteicon , May 10, 2012 10:44 PM
    The posted to IC3's website is broken. You left out "v" at the end of ".gov".
  • 2 Hide
    aoneone , May 10, 2012 11:10 PM
    Only a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...
  • -6 Hide
    cadder , May 10, 2012 11:34 PM
    I took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.
  • 0 Hide
    chickenhoagie , May 10, 2012 11:49 PM
    __-_-_-__so stupid. why hotels? anyway can make a fake AP in 5min just by googling.

    Hotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead, and by the person seeing that they need to login to the supposed hotel wifi via their browser, they think its legit.
  • 2 Hide
    mdahlke , May 11, 2012 12:37 AM
    missed the g in your code for website link
  • 5 Hide
    fb39ca4 , May 11, 2012 1:16 AM
    Hotel internet is evil anyways. $13 )(*&@#()* bucks a day, you have to be kidding me.
  • 3 Hide
    mavroxur , May 11, 2012 3:11 AM
    Rogue hotspots have been around forever. This is nothing new.
  • 7 Hide
    alchemy69 , May 11, 2012 4:24 AM
    You can log in any time you want, but you can never leave.
  • 4 Hide
    ceteras , May 11, 2012 8:25 AM
    @cadder

    Cool story, bro!
  • 0 Hide
    SteelCity1981 , May 11, 2012 10:15 AM
    that's ok i don't update software unless i have to i'm not a software update nazi so it won't effect me. :) 
  • 2 Hide
    Memnarchon , May 11, 2012 10:50 AM
    Diablo is back! Evil is everywhere!
  • 1 Hide
    Solandri , May 11, 2012 11:04 AM
    chickenhoagieHotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead

    I've mostly given up on wifi at hotels. They frequently have too much space between hotspots, meaning half the time the signal is too weak from inside my room for a reliable connection.

    Instead, I've started carrying a portable router/WAP when I travel, and just plug that into the wired Internet connection in the room. That guarantees I have a strong wifi signal within the room, and avoids any malicious fake hotspots. It also has the advantage of only having to sign into the hotel network once, then the entire family can connect to it (I just set the SSID and pw to be the same as my home network).
  • 1 Hide
    hoofhearted , May 11, 2012 12:27 PM
    Doesn't take much for one to copy the hotel's credit card HTML, setup DDWRT and ones own Radius server and said HTML and voila, logging credit card credentials to a mysql database and just passing through to the real hotel service. That is why I never use public wifi hotspots, letalone NEVER put in credit card info.
  • 5 Hide
    onanonanon , May 11, 2012 12:56 PM
    cadderI took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.

    I was expecting you to move to Bel Air by the end of that post. Honestly.
  • 2 Hide
    rosen380 , May 11, 2012 1:16 PM
    A fresh OS install takes a couple of hours, less on a new computer without much to backup and restore. I'd probably try that long before I got two years down the road dealing with malware/viruses...
  • -5 Hide
    theoneknownasnalyd , May 11, 2012 1:22 PM
    ...if people would just install Linux, no one could possibly fall for this (unless they are missing their frontal lobe)! Because Linux distributions have central software repositories, and their own central updating software, the need to download updates from a browser is almost non-existent; thus making the malicious software update more apparent. But 74% of people are still running Windoze, so at least 37% will still fall for this ploy.
  • 1 Hide
    kentlowt , May 11, 2012 4:47 PM
    aoneoneOnly a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...

    The problem is most computer users are not savvy. Most are not as experience as the people that post here. So it seems the article is "preaching to the choir".
  • 1 Hide
    gm0n3y , May 11, 2012 5:30 PM
    This is why all computers should have a built in VM for use when accessing public wifi.
Display more comments