All the latest UK technology news, reviews and analysis

FBI warns business travellers of hotel Wi-Fi malware scam

09 May 2012
Will you have to rekey account details

The Federal Bureau of Investigation (FBI) has discovered a new malware threat masquerading as an official software update that attempts to install itself through hotel internet Wi-Fi connections.

The department's Internet Crime Complaints Centre (IC3) reported discovering the malware on Tuesday and warned it is particularly dangerous for business travellers as it could help steal corporate data.

"Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while establishing an internet connection in their hotel rooms," read IC3's statement.

"The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection."

The centre gave no further details about the malware's capabilities or which hotel chains' networks it has discovered the malware running on.

At the time of publishing neither the FBI nor IC3 have responded to V3's request for clarification.

Trend Micro security researcher Rik Ferguson said the attack method being used by the criminals was not new, but could certainly be successful.

"It is not unusual to find that your computer may be running an out-of-date version of one application or another that is necessary to view a particular web page at a given time. For this reason it provides perfect cover for distribution of malware," he told V3.

"Combining this tried and tested technique with the hotel wireless login scenario increases the credibility of the attack and makes it more likely to be successful. Users are on an unfamiliar network, with often unfamiliar access and login methods and the unexpected is often mistaken for normal behaviour."

The discovery follows on from recent research by Imperva suggesting hackers are evolving new ways to target companies' corporate data.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Galaxy S5 vs One M8 video review

Galaxy S5 vs HTC One M8 video review

We see which Android contender is best for business

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Mid/Senior level Java Developers - Multiple Roles (Java/J2EE)

Mid/Senior level Java Developers - Java, J2EE/ JEE...

Software Engineer

Software Developer C#/.NET I am currently recruiting...

Marketing Director Contract Central London

Marketing Director Required | Long Term contract | Leading...

Web Application Developers - multiple positions

My client, a bespoke software house in the heart of Devon...
To send to more than one email address, simply separate each address with a comma.