Strange as it seems, people like to go on holiday in summer. That means that holiday sites take a beating – but some are loaded with malware, which has prompted Avast to issue a warning.
The anti-virus company has been monitoring a rise in infected UK holiday and travel related websites, spotting viruses and other malware. There’s a new trend on the block: the exploitation of weak security around search and price comparison sites — you know, the sort that pull together results from multiple sites to present you with a list of products and services, all neatly arranged in relevance, popularity or price order.
Many of the names of such sites you’ll recognise from other web searches. There’s no suggestion that Kelkoo or any of the main search aggregators or price comparison services contain viruses or malware, says Avast. However, the open interfaces into these services allows other less well-protected or unscrupulous websites to place a simple graphical user interface over their sites and provide price comparison services under their own brand.
“Many of these sites are typically just holding pages for a catchy URL with very little substance behind them,” reckons Avast’s chief technology officer Ondrej Vlcek. One of the sites he cites (!) is www.summersearch.co.uk. “This site is just a front end to a Kelkoo search engine but anybody clicking on any links on the page without proper anti-virus protection could be infected by malware,” said Vlcek.
That site is infected with the JS:Kroxxu family of malware, and it’s slightly different from usual web malware in that the hacked domains are cross-referenced during an attack. It means that one infected domain just redirects visitors to another infected domain which then finally serves up malware using the latest exploits.
There are other infections too, according to Vlcek: “There are a few websites for camping holidays and villa rental for example that have infections. As far as we can tell, these are all legitimate and, in many cases, small family-run businesses that have had their websites infected without their knowledge.”
This kind of infection is by far the most common but Avast is also seeing spam mail directing users to fake sites that offer holiday offers that are too good to be true. Tell-tale signs are websites with no contact phone number, registered office or secure transaction processing facilities.
Users need to beware too of unsolicited emails — be very wary of unknown brands, says Vlcek. “Make sure your anti-virus is updated and be cautious around giving out details to websites with no verifiable status,” he said.
All that said – have a great holiday and try not to worry too much!
Two quick security updates
If you’re a Facebook user, you need to know that a 2.8 GB database containing the names and public information of every searchable user’s profile — that covers 170 million people — has been made publicly available. This is only the latest in a string of security issues to hit the site, including applications that steal information about you and confidentiality settings that confuse and seem designed to persuade you to make increasing amounts of data available to the world.
FB said that the information in the database was public knowledge anyway and nothing to worry about but, as one expert pointed out, the Internet is chock-a-block with data but, until someone organises it in a particular way, it’s often not very useful. The profiles of every FB user collected in one place just might be useful for all sorts of nefarious practices. There’s more on this story here.
Finally, I note this week that Microsoft has issued what’s called an out-of-band patch — that’s one that isn’t despatched following the usual routine — to protect against malicious .LNK files that have recently become targets for exploits. Be aware of it and apply it when it arrives.
