Search
Sign in with
Sign up | Sign in
23 comments

FBI Warns of Malicious Hotspots, Evil Hotel Internet

By - Source: FBI

The fact that hotel Internet connections are now being used as a malware gateway may not be as surprising as the fact that it took so long until this loophole was actively exploited.

The FBI is warning Americans that hackers are attempting to install malware on computers via the sign-in process commonly used by hotels. The problem apparently does not affect the U.S., but hotels abroad. During the log-in, travelers have reported additional pop-up windows that suggest the update of a "widely used" software for which "updates are frequently available".

Common sense suggest to be always careful with such update and download requests, especially if they are communicated via a pop-up window. Needless to say, there is no update, but downloaded and installed malware instead.

Those who were tricked into the download of the "update", are asked to immediately contact their local FBI office, and "promptly report it" to the IC3's website.

You need to be logged to post a comment

There are 23 Comments. B
Top Comments
  • 11 Ð
    Devoteicon , May 11, 2012 5:44 AM
    The posted to IC3's website is broken. You left out "v" at the end of ".gov".
Other Comments
  • -1 Ð
    __-_-_-__ , May 11, 2012 5:06 AM
    so stupid. why hotels? anyway can make a fake AP in 5min just by googling.
  • 1 Ð
    buzznut , May 11, 2012 5:27 AM
    Gullible people away from home and jonesin for the internet. People are accustomed to unsecured networks in hotels, airports, etc.
  • 11 Ð
    Devoteicon , May 11, 2012 5:44 AM
    The posted to IC3's website is broken. You left out "v" at the end of ".gov".
  • 2 Ð
    aoneone , May 11, 2012 6:10 AM
    Only a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...
  • -6 Ð
    cadder , May 11, 2012 6:34 AM
    I took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.
  • 0 Ð
    chickenhoagie , May 11, 2012 6:49 AM
    __-_-_-__so stupid. why hotels? anyway can make a fake AP in 5min just by googling.

    Hotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead, and by the person seeing that they need to login to the supposed hotel wifi via their browser, they think its legit.
  • 2 Ð
    mdahlke , May 11, 2012 7:37 AM
    missed the g in your code for website link
  • 5 Ð
    fb39ca4 , May 11, 2012 8:16 AM
    Hotel internet is evil anyways. $13 )(*&@#()* bucks a day, you have to be kidding me.
  • 3 Ð
    mavroxur , May 11, 2012 10:11 AM
    Rogue hotspots have been around forever. This is nothing new.
  • 7 Ð
    alchemy69 , May 11, 2012 11:24 AM
    You can log in any time you want, but you can never leave.
  • 4 Ð
    ceteras , May 11, 2012 3:25 PM
    @cadder

    Cool story, bro!
  • 0 Ð
    SteelCity1981 , May 11, 2012 5:15 PM
    that's ok i don't update software unless i have to i'm not a software update nazi so it won't effect me. :) 
  • 2 Ð
    Memnarchon , May 11, 2012 5:50 PM
    Diablo is back! Evil is everywhere!
  • 1 Ð
    Solandri , May 11, 2012 6:04 PM
    chickenhoagieHotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead

    I've mostly given up on wifi at hotels. They frequently have too much space between hotspots, meaning half the time the signal is too weak from inside my room for a reliable connection.

    Instead, I've started carrying a portable router/WAP when I travel, and just plug that into the wired Internet connection in the room. That guarantees I have a strong wifi signal within the room, and avoids any malicious fake hotspots. It also has the advantage of only having to sign into the hotel network once, then the entire family can connect to it (I just set the SSID and pw to be the same as my home network).
  • 1 Ð
    hoofhearted , May 11, 2012 7:27 PM
    Doesn't take much for one to copy the hotel's credit card HTML, setup DDWRT and ones own Radius server and said HTML and voila, logging credit card credentials to a mysql database and just passing through to the real hotel service. That is why I never use public wifi hotspots, letalone NEVER put in credit card info.
  • 5 Ð
    onanonanon , May 11, 2012 7:56 PM
    cadderI took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.

    I was expecting you to move to Bel Air by the end of that post. Honestly.
  • 2 Ð
    rosen380 , May 11, 2012 8:16 PM
    A fresh OS install takes a couple of hours, less on a new computer without much to backup and restore. I'd probably try that long before I got two years down the road dealing with malware/viruses...
  • -5 Ð
    theoneknownasnalyd , May 11, 2012 8:22 PM
    ...if people would just install Linux, no one could possibly fall for this (unless they are missing their frontal lobe)! Because Linux distributions have central software repositories, and their own central updating software, the need to download updates from a browser is almost non-existent; thus making the malicious software update more apparent. But 74% of people are still running Windoze, so at least 37% will still fall for this ploy.
  • 1 Ð
    kentlowt , May 11, 2012 11:47 PM
    aoneoneOnly a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...

    The problem is most computer users are not savvy. Most are not as experience as the people that post here. So it seems the article is "preaching to the choir".
  • 1 Ð
    gm0n3y , May 12, 2012 12:30 AM
    This is why all computers should have a built in VM for use when accessing public wifi.
Display more comments
Related Content