A US government agency is warning travellers to be wary of malware that installs itself via pop-up browser windows on hotel internet connections. The malicious dialogue boxes typically pose as software updates to legitimate software products, an advisory from the FBI's Internet Crime Complaint Center (IC3) explains. "The FBI …
Funny, it sounds just like the sort of thing US TLAs would do to get into your computer.
Why not, if it works?
Spear phishing is spear phishing.
Updates turned off
As they seem to charge you so much for your connection, why waste your time and money updating abroad anyway? A bare bones machine for going away with seems to be the order of the day, with nothing much installed on it.
Re: Updates turned off
A bare-bones machine may not be an option for business travellers, unless they can get their required spreadsheets, docs, etc. from head office's system via a secure VPN connection (e.g., using something like a SecurID card).
Yes, and remember that European money must be spent or changed into Dollars the day you get it or it will become worthless.
[Actual experience of working with 'merkins. Against all advice they made me stop at the Bureau de Change at a motorway border crossing and changed several thousand Swiss francs at a terrible exchange rate]
The Americans forced you to change CHF or they forced you to stop so they could change CHF?
Sorry, your rambling, incoherent comment was hard to follow.
That's complete and utter BOLLOX!!!!!!!!!!!
"Yes, and remember that European money must be spent or changed into Dollars the day you get it or it will become worthless."
Did the 'cashiers' wore their baseball caps the wrong way around? Where they 'hoodies?' I've travelled to US loads of times. I know.
Did You visit America, or thought Disneyland, Paris was US????
In more recent news....
.... Noah has built an Ark.
Yeah, that sounds about right.
We all know that wifi is by nature insecure, but using fake software updates via wifi is a whole new level of nastiness.
I've heard of hotels using wifi set up with very strange filtering (presumably to stop pr0n downloading) and it asks you to agree to a whole slew of terms and conditions via popups before granting access.
On one occasion I had to later go into Firefox and remove a toolbar which simply wasn't there before, pretty sure it got in via this mechanism.
AC/DC and if anyone figures out how to upload a virus using "intelligent" power supplies I wll hunt them down, remove their heart for sale on the black market and give them a second rate "Crank 2" style replacement made by the lowest bidder....
Well, the warning is certainly appreciated, but...
...anyone who falls for a pop-up that appears out of nowhere and tells them they need to update their software while on a strange WiFi connection has got to be... shall we say... hopelessly goddamn' rock stupid.
Of course, one of the first things I did after installing my current Adobe Creative Suite was to turn off auto-updating and create a "deny forever" connection rule in LittleSnitch for all my Adobe CS apps. Turning auto-updating off in Firefox -- and everything else with the ability to auto-update -- pretty much goes without saying.
Re: Well, the warning is certainly appreciated, but...
You're confusing ignorance and stupidity. Easily done when you suffer from at least the first, I suppose :)
"malware that installs itself via pop-up browser windows"
Now, now, there's no need to be nasty when talking about Microsoft...
Using ANY network (WiFi or Wired) carries a risk unless you know who has configured it, interception and redirection is just so easy.
Any mention of the Operating system the malware is targeting or is it just the usual suspect?
Browser versus OS security
Pop-up: "WARNING! You need to update your software NOW!"
Really? Oh, OK then... ah, small hitch-ola: do you have anything for Arch Linux?
Re: Pop-up: "WARNING! You need to update your software NOW!"
Y'know what I always got a laugh out of was -- while visiting any given site -- getting a pop-up window with an alert dialog box flashing a warning that malware has been detected on my system, and that I needed to visit some other site for a free malware scan and AV software download. It was absurdly easy to tell it was bogus, as the pop-up was always designed to look like a Windows XP alert dialog, and I was visiting the site from a Mac.
Granted, there's been more OSX-targeted malware/scamware going around lately, but it's still pretty easy to tell as -- with a proper set of Firefox extensions -- I can determine if it's a fake alert dialog by control-clicking on the alleged alert dialog to see if it's either an animated .gif or a Flash animation, and where it's loading from. This is assuming I even see them in the first place; I've got some fairly iron-fisted pop-up blocking rules set up in Firefox.