FBI Issues Warning on Hotel Internet Connections

The FBI today warned travelers there has been an uptick in malicious software infecting laptops and other devices linked to hotel Internet connections.

By Michael Cooney
Wed, May 09, 2012
Page 2

Blackhole exploit kit updated: According to the IC3, Blackhole is currently the most widely purchased exploit pack in the underground market. An exploit pack is a software toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash.

On March 25, 2012, the Blackhole Exploit Kit 1.2.3 was released, IC3 stated. This kit included the latest critical vulnerability in Java, allowing the bypassing of Java's sandbox environment. Java's sandbox is designed to provide security for downloading and running Java applications, while preventing them access to the hard drive or network. New malware samples appearing in the wild have been highly successful at exploiting this flaw and it is estimated at least 60% of Java users have not yet patched against it.

CPA malware: The IC3 reported an increase in unsolicited e-mails titled "[BULK] Termination of your CPA license." One example of the many e-mail addresses used was support@aicpa.org. The IC3 has also received complaints reporting this spam campaign. The e-mails were purportedly from The American Institute of Certified Public Accountants concerning a complaint filed against the recipient for filing fraudulent tax refunds for their clients. A link was provided for the recipient to view the complaint. Recipients were advised to provide feedback within a specific period of time and threatened with possible termination of their accountant licenses if they failed to do so, the IC3 stated.

Scamming your own car? The IC3 said it received several complainants reported about a scam involving the advertising of a company's logo on personal vehicles.

"Although legitimate offers exist, those scammed reported to the IC3 that initial contact with the subject was mostly through online ad postings. The posting offered an easy way to earn extra income by allowing businesses to advertise their logo on the complainant's personal vehicle through a vinyl decal or "auto wrap." The fraudsters were using company names such as Coca Cola, Monster Energy drink, Carlsberg beer, Heineken Co., and Red Bull. Individuals were advised they would be paid an average of $400 to $600 per week in exchange for driving around with vinyl advertising signs wrapped around their vehicle. Those interested in participating were asked to provide their contact information and vehicle details. They were promised an up-front payment, which would be sent by check or money order," the IC3 stated.

According to the IC3 those who fell for the scam got a check or money order for more than the promised amount. They were directed to cash it and wire the difference to a third party, who was supposed to be the graphics designer to pay for the cost of the design. The checks and money orders turned out to counterfeit and the criminals, once again, were able to convert fraudulent checks and money orders into untraceable cash, leaving the victim responsible for the bank's losses.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Read more about wide area network in Network World's Wide Area Network section.

Originally published on www.networkworld.com. Click here to read the original story.
Our Commenting Policies