Scareware Haunts Airport Internet Terminals

Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services
This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.
Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an usual "Defense Center Installer" dialog box. "Defense Center Installer" is a fake anti-virus software, also known as "scareware".
This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection. It's also common for this type of malware to try to uninstall legitimate anti-virus software, including Symantec's Norton Anti-Virus. Windows Security Center is visible in the background, claiming that no anti-virus software is installed. Fake anti-virus malware often uses Windows APIs to manipulate the information displayed in Windows Security Center so that Windows claims no anti-virus software is installed, further encouraging unsuspecting users to purchase fake anti-virus software.
While this particular "scareware" will only infect the internet terminal it is an indicator that these terminals are inadequately protected and vulnerable to a full range of (continue reading...)