Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Holiday Season Results In Higher Levels Of Infected Travel Price Comparison Sites

Avast Software : 30 July, 2010  (Technical Article)
UK holidaymakers are the target of a summer campaign by malware writers and hackers as popular holiday price comparison websites start to fall more frequently into a state of being infected by malware to enable hackers to phish personal information
avast! has monitored a rise in holiday and travel related websites within the UK with malware and virus infection in the month of July. However, a new trend is the exploitation of weak security around "search and price comparison sites" such as, a website that as of the 28/07 is infected with the JS:Kroxxu family of Malware.

"Many of these sites are typically just holding pages for a catchy URL with very little substance behind them," explains Ondrej Vlcek AVAST Software CTO, "In the summersearch example, the site is just a front end to a Kelkoo search engine but anybody clicking on any links on the page without proper antivirus protection could be infected by malware."

The JS:Kroxxu is slightly different from usual web malware in that the hacked domains are cross-referenced during an attack. It means that one infected domain just redirects visitors to another infected domain which then finally serves up malware using the latest exploits.

There is no suggestion that Kelkoo or any of the established search aggregators or price comparison services have any Viruses or Malware. However, the open interfaces into these services allows other less well protected or unscrupulous websites to place a simple graphic user interface over their sites and provide price comparison services under their own brand.

Vlcek also notes that many of the infected travel and holiday related websites are small businesses. "There are a few websites for camping holidays and villa rental for example that have infections. As far as we can tell, these are all legitimate and in many cases small family run businesses that have had their websites infected without their knowledge," he explains.

Research from avast confirms that 99% of virus and malware infections spread from perfectly legitimate sites that may have been unknowingly infected or hijacked - highlighting the need for all users to run some form of antivirus protection at all times.

"The other area we are warning about is spam mail directing users to fake sites that offer holiday offers that are too good to be true," comments Vlcek, "No antivirus software will stop a fraudulent offer but there are some telltale signs like websites with no contact phone number, registered office or secure transaction processing facilities that should raise alarm bells."

Vlcek warns users about giving sensitive credit or debit card details for holiday deals that arrive from unsolicited emails. Considering that the UK's 8 major tour operators and low cost airlines between them account for 90%+ of all overseas holidays, unknown brands may well be a dangerous gamble.

"Make sure your antivirus is updated and be cautious around giving out details to websites with no verifiable status," Vlcek concludes.

avast! Software receives non-stop information about infected sites thanks to its CommunityIQ global network of sensors. This data, taken from the actual web browsing experiences of an opt-in group, is then used to protect all avast! users by blocking their access to infected sites.

During June 2010, avast! kept over one million users a day from accessing infected sites. The number of visits to individual infected sites jumped by 52%, with each site receiving an average 89 visitors, up from the previous level of 59. At the same time, the number of reported infected domains dropped by over 30% to 396,679.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo