Scareware hits UK airport terminals

Public terminals such as those in airport lounges could harbour malicious software

Security experts are warning users to exercise extreme caution when using publicly available internet access terminals after malware was discovered on a terminal in a UK airport lounge.

In a blog post, Symantec Hosted Services senior software engineer Nick Johnston explained that on a recent trip he noticed one of the internet connected PCs in a “large airport in England” was infected with fake anti-virus software known as "Defense Center Installer".

“This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection,” he explained.

“It's also common for this type of malware to try to uninstall legitimate anti-virus software, including Symantec's Norton Anti-Virus.”

Johnston added that the scareware had also used Windows APIs to manipulate the information displayed in Windows Security Center, making it look like Windows is claiming there is no AV installed.

He argued that far more malicious threats than scareware could be present at such internet connected terminals including keyloggers, which could harvest sensitive user account information such as webmail or online banking log-ins.

“Exercise extreme caution whenever using publicly available internet access terminals and avoid any action that requires signing on to personal or corporate accounts,” he said.

“A few minutes of checking email could result in a serious security event.”

Scareware or fake AV has become one of the favourite methods for cyber criminals to make money. Just this week, Sophos warned of a widespread spam campaign designed to infect users with fake anti-virus products.

In May, US federal prosecutors filed charges against three men for tricking internet users into buying over $100m (£69m) worth of fake security software.