Scareware Haunts Airport Internet Terminals
Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services
This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.
Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an unusual "Defense Center Installer" dialog box. "Defense Center Installer" is fake anti-virus software, also known as "scareware".
This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection. It's also common for this type of malware to try to uninstall legitimate anti-virus software, including Symantec's Norton Anti-Virus. Windows Security Center is visible in the background, claiming that no anti-virus software is installed. Fake anti-virus malware often uses Windows APIs to manipulate the information displayed in Windows Security Center so that Windows claims no anti-virus software is installed, further encouraging unsuspecting users to purchase fake anti-virus software.
While this particular "scareware" will only infect the Internet terminal, it is an indicator that these terminals are inadequately protected and vulnerable to a full range of malware. As an example of potential threats, consider that a keylogger on one of these terminals could capture a person's user name and password for their airline account, bank account, webmail, social media account, or any other private account used on the terminal, potentially compromising those accounts. Unlike the "scareware", which makes its presence known, there is no obvious indicator that a keylogger is active.
Exercise extreme caution whenever using publicly available Internet access terminals and avoid any action that requires signing on to personal or corporate accounts. A few minutes of checking email could result in a serious security event -- the convenience of a moment requiring days and hours of painful recovery.
The Symantec Intelligence Blog published by Symantec.cloud serves as a conduit for communicating Intelligence data, trends and statistics based on analysis of cyber security threats, trends and insights from the Symantec Intelligence team comprised of many world-renowned malware and spam experts. Sitting on the front lines of defense, they have a global view of threats across multiple communication protocols drawn from the billions of web pages, email and IM messages they monitor each day.
Comments
Use Airport Internet with Caution via EVS
[...] In an article posted last week via Symantec Connect blog, Senior Software Engineer Nick Johnston brings to mind yet another environment where any regular businessperson might assume his- or herself safe to take advantage of a convenient public computer terminal: the airport. [...] http://bit.ly/c12xkw