FBI Warns of Malicious Hotspots, Evil Hotel Internet

[Guest]

The fact that hotel Internet connections are now being used as a malware gateway may not be as surprising as the fact that it took so long until this loophole was actively exploited.

FBI Warns of Malicious Hotspots, Evil Hotel Internet : Read more

 

[__-_-_-__]

so stupid. why hotels? anyway can make a fake AP in 5min just by googling.

 

[buzznut]

Gullible people away from home and jonesin for the internet. People are accustomed to unsecured networks in hotels, airports, etc.

 

[Devoteicon]

The posted to IC3's website is broken. You left out "v" at the end of ".gov".

 

[aoneone]

Only a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...

 

[cadder]

I took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.

 

[chickenhoagie]

[citation][nom]__-_-_-__[/nom]so stupid. why hotels? anyway can make a fake AP in 5min just by googling.[/citation]
Hotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead, and by the person seeing that they need to login to the supposed hotel wifi via their browser, they think its legit.

 

[mdahlke]

missed the g in your code for website link

 

[fb39ca4]

Hotel internet is evil anyways. $13 )(*&@#()* bucks a day, you have to be kidding me.

 

[mavroxur]

Rogue hotspots have been around forever. This is nothing new.

 

[alchemy69]

You can log in any time you want, but you can never leave.

 

[ceteras]

@cadder

Cool story, bro!

 

[SteelCity1981]

that's ok i don't update software unless i have to i'm not a software update nazi so it won't effect me.

 

[Memnarchon]

Diablo is back! Evil is everywhere!

 

[Solandri]

[citation][nom]chickenhoagie[/nom]Hotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead[/citation]
I've mostly given up on wifi at hotels. They frequently have too much space between hotspots, meaning half the time the signal is too weak from inside my room for a reliable connection.

Instead, I've started carrying a portable router/WAP when I travel, and just plug that into the wired Internet connection in the room. That guarantees I have a strong wifi signal within the room, and avoids any malicious fake hotspots. It also has the advantage of only having to sign into the hotel network once, then the entire family can connect to it (I just set the SSID and pw to be the same as my home network).

 

[hoofhearted]

Doesn't take much for one to copy the hotel's credit card HTML, setup DDWRT and ones own Radius server and said HTML and voila, logging credit card credentials to a mysql database and just passing through to the real hotel service. That is why I never use public wifi hotspots, letalone NEVER put in credit card info.

 

[onanonanon]

[citation][nom]cadder[/nom]I took my new WinXP laptop to a hotel in Las Vegas about 7 or 8 years ago. I had just gotten it and had not had time to set it up so I was running Internet Explorer. As soon as I connected to the hotel wifi it downloaded a batch of malware into my computer. It took me two years to finally get all traces of it off of the computer. At some times the advertising windows would pop up on the screen fast enough to look like a video game and it was a full time process just to close them. I thought I would doublecross the malware by erasing IE from the hard drive so I did it. Then I watched in amazement as the malware tried to run IE and since IE was not found the malware or the OS searched the internet, found IE, downloaded it and installed it.[/citation]
I was expecting you to move to Bel Air by the end of that post. Honestly.

 

[rosen380]

A fresh OS install takes a couple of hours, less on a new computer without much to backup and restore. I'd probably try that long before I got two years down the road dealing with malware/viruses...

 

[theoneknownasnalyd]

...if people would just install Linux, no one could possibly fall for this (unless they are missing their frontal lobe)! Because Linux distributions have central software repositories, and their own central updating software, the need to download updates from a browser is almost non-existent; thus making the malicious software update more apparent. But 74% of people are still running Windoze, so at least 37% will still fall for this ploy.

 

[kentlowt]

[citation][nom]aoneone[/nom]Only a complete idiot would let this happen. How can anyone who is computer savvy actually allow programs to be installed from a) a website on an unsecured network b) in a public wifi spot and c) an update notification that is NOT windows/mac updates? You'd have to be a complete moron to let this happen I'm sorry but seriously...[/citation]
The problem is most computer users are not savvy. Most are not as experience as the people that post here. So it seems the article is "preaching to the choir".

 

[gm0n3y]

This is why all computers should have a built in VM for use when accessing public wifi.

 

[beardguy]

There's always going to be noobs falling for these tricks, just a fact.

 

[rosen380]

No different than people falling for the 'Your Nigerian uncle died and left you a fortune, send us $10k to claim it' or 'Give us your money and we guarantee you 15% annual gains' or 'No, it isn't a pyramid scheme-- it is multi-level marketing'... etc

 

[__-_-_-__]

[citation][nom]chickenhoagie[/nom]Hotel related AP names are used I believe, so for when a person staying at a hotel is searching for the wifi, they may connect to the malicious connection instead, and by the person seeing that they need to login to the supposed hotel wifi via their browser, they think its legit.[/citation]
that's what a fake ap is.