Travel virus infection, 29/07/2010
Czech IT firm avast! has monitored a rise in holiday and travel related websites within the UK with malware and virus infection in the month of July. However, a new trend is the exploitation of weak security around “search and price comparison sites” such as www.summersearch.co.uk, a website that as of the 28/07 is infected with the JS:Kroxxu family of Malware.

“Many of these sites are typically just holding pages for a catchy URL with very little substance behind them,” says Ondrej Vlcek AVAST Software CTO, “In the summersearch example, the site is just a front end to a Kelkoo search engine but anybody clicking on any links on the page without proper antivirus protection could be infected by malware.”

The JS:Kroxxu is slightly different from usual web malware in that the hacked domains are cross-referenced during an attack. It means that one infected domain just redirects visitors to another infected domain which then finally serves up malware using the latest exploits.

There is no suggestion that Kelkoo or any of the established search aggregators or price comparison services have any Viruses or Malware. However, the open interfaces into these services allows other less well protected or unscrupulous websites to place a simple graphic user interface over their sites and provide price comparison services under their own brand.

Vlcek also notes that many of the infected travel and holiday related websites are small businesses. “There are a few websites for camping holidays and villa rental for example that have infections. As far as we can tell, these are all legitimate and in many cases small family run businesses that have had their websites infected without their knowledge,” he says.

Research from avast suggests that 99pc of virus and malware infections spread from perfectly legitimate sites that may have been unknowingly infected or hijacked – highlighting the need for all users to run some form of antivirus protection at all times.

“The other area we are warning about is spam mail directing users to fake sites that offer holiday offers that are too good to be true,” comments Vlcek, “No antivirus software will stop a fraudulent offer but there are some telltale signs like websites with no contact phone number, registered office or secure transaction processing facilities that should raise alarm bells.”

Vlcek warns users about giving sensitive credit or debit card details for holiday deals that arrive from unsolicited emails. Considering that the UK’s 8 major tour operators and low cost airlines between them account for 90%+ of all overseas holidays, unknown brands may well be a dangerous gamble.

“Make sure your antivirus is updated and be cautious around giving out details to websites with no verifiable status,” Vlcek adds.

avast! Software receives non-stop information about infected sites thanks to its CommunityIQ global network of sensors. This data, taken from the actual web browsing experiences of an opt-in group, is then used to protect all avast! users by blocking their access to infected sites.
Source: http://www.avast.com << back
 
 
© Professional Security Magazine 2006