FBI Warns of Malware Attacks Through Hotel Internet Services

The FBI warned people traveling abroad that attackers are targeting users on hotel networks by tricking them into installing malware under the guise of software updates. The agency's Internet Crime Complaint Center says any government, business or academic personnel traveling abroad should be especially wary.

The FBI issued an advisory this week alerting international travelers about attempts to infect their computers with malware when they log on to hotel networks.

In an intelligence note from the FBI's Internet Crime Complaint Center (IC3), the agency warned that attackers have been targeting travelers abroad when they use the Internet connection in their hotel rooms. According to the FBI, when the victims attempted to set up the hotel room Internet connection, they were presented with a pop-up window notifying them to update a "widely-used software product."

"If the user clicked to accept and install the update, malicious software was installed on the laptop," according to IC3. "The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available."

The FBI recommends checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor, and advises travelers to update the software on their laptops immediately before traveling.
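One way to carry out that check on a Windows laptop, as an added example that is not part of the FBI advisory or the original article: it inspects the Authenticode signature of a downloaded installer and compares the signer's organization with the vendor the user expects. The function name `Test-UpdateSigner`, its parameters, and the file and publisher names in the usage comment are hypothetical placeholders.

```powershell
# Added example: check who signed an update installer before running it.
# Test-UpdateSigner and its parameter names are hypothetical, chosen for this sketch.
function Test-UpdateSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Organization name the user expects in the signing certificate (assumption: known in advance)
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    # 'Valid' means the signature verifies and chains to a root this machine trusts.
    # Unsigned files report 'NotSigned'; tampered files report 'HashMismatch'.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    # A valid signature only proves that *someone* signed the file, so compare
    # the O= field of the certificate subject with the expected vendor.
    $org = $null
    if ($sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
        if ($subject -match '(?:^|,\s*)O=(?:"([^"]+)"|([^,]+))') {
            $org = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
            $org = $org.Trim()
        }
        if ($org -ne $ExpectedPublisher) {   # -eq/-ne on strings is case-insensitive
            $problems += "Signer organization '$org' does not match '$ExpectedPublisher'"
        }
    }

    [pscustomobject]@{
        Path       = $Path
        Trusted    = ($problems.Count -eq 0)
        Status     = $sig.Status
        Signer     = $org
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Problems   = $problems
    }
}

# Usage (placeholder file and publisher names):
# Test-UpdateSigner -Path .\update-installer.exe -ExpectedPublisher 'Example Software Inc.'
```

A result with `Trusted` set to `$false` is a reason not to run the file and to fetch the update from the vendor's own site instead.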

The warning follows a December report from Bloomberg that cited unnamed sources alleging that iBAHN, one of the largest providers of hotel Internet service in the world, had been compromised. The company has denied the accusation. The FBI warning does not include any information about specific hotel chains or service providers.

The scant details offered in the intelligence note, however, make it difficult to know exactly what travelers should do beyond the basics, argued Graham Cluley, senior technology consultant at Sophos.

"What's fascinating about the advisory is what it doesn't say," he blogged. "And without more information it's hard to know how computer users are supposed to take meaningful action to protect themselves other than follow the normal advice of running security software, being careful what you install, running a VPN to hide your browsing from snoopers, etc.

"It's certainly very peculiar that the FBI didn't share more information in its warning, or mention where in the world it believes it has seen these attacks taking place," he added. "By coincidence, earlier this week, for the first time in almost ten years, a Chinese defense minister visited the United States. The day before the FBI's warning was issued, US Defense Secretary Leon Panetta met his Chinese counterpart Liang Guanglie in Washington DC, and told the world's press that the two countries must work together to avoid cyber war, and emphasized the importance of the relationship between China and the USA."

There is inherent risk in connecting to public WiFi networks due to the ability of attackers to target unsuspecting users and peddle scams and malware, said John Harrison, senior manager at Symantec Security Response.

"It is also unfortunately all too easy for hackers to set up rogue WiFi access points with the sole purpose of intercepting your Internet traffic, whether that is accessing your social media and financial accounts or tricking users with fake software updates," he said. "Just because a network name says 'Free WiFi,' 'Hotel XYZ WiFi' or even the brand name of your ISP or coffee shop does not ensure it is legitimate.

"Corporate users should only connect to their networks using VPN software to ensure encrypted connections between their laptops and their corporate networks," Harrison added.

"Beyond that, standard security best practices apply: They should use a modern endpoint or Internet security software on their computers and mobile devices, and they should be wary of any pop-ups requesting them to download updates and other potential social engineering scams. Software updates should only be installed through corporate software updating mechanisms, internal servers or by users going directly to their software publishers' Websites."