Scareware Haunts Airport Internet Terminals
Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services
This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.
Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an unusual "Defense Center Installer" dialog box. "Defense Center Installer" is fake anti-virus software, also known as "scareware".
This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection. It's also common for this type of malware to try to uninstall legitimate anti-virus software, including Symantec's Norton Anti-Virus. Windows Security Center is visible in the background, claiming that no anti-virus software is installed. Fake anti-virus malware often uses Windows APIs to manipulate the information displayed in Windows Security Center so that Windows claims no anti-virus software is installed, further encouraging unsuspecting users to purchase fake anti-virus software.
While this particular "scareware" will only infect the Internet terminal, it is an indicator that these terminals are inadequately protected and vulnerable to a full range of malware. As an example of the potential threats, consider that a keylogger on one of these terminals could capture a person's user name and password for their airline account, bank account, webmail, social media account, or any other private account used on the terminal, potentially compromising those accounts. Unlike the "scareware", which makes its presence known, there is no obvious indicator that a keylogger is active.
Exercise extreme caution whenever using publicly available Internet access terminals, and avoid any action that requires signing on to personal or corporate accounts. A few minutes of checking email could result in a serious security event -- the convenience of a moment requiring days and hours of painful recovery.