Kaspersky and DarkHotel

On Monday, Kaspersky posted about malware it has dubbed DarkHotel which targets corporate executives traveling abroad.

It is a good awareness piece.   Any time you are on someone else’s network, you are engaging in risky behavior.

With DarkHotel, users are prompted to install ‘updates’ to their software.   This is familiar, as similar fake updates are presented to spur users to install malware when visiting compromised websites or sites with malicious advertising.  Software updates should be performed on a trusted network whenever possible.  Updates should always be gotten from a trusted location.

This can be more difficult than it seems.   Lets say you see a prompt to update Flash.  Too wise to fall for this, you close your browser, reopen it, and browse to adobe.com to download the latest flash update.   If adobe doesn’t use SSL, and a malicious attacker controls your network, you could be redirected to install malware instead even using this ‘safer’ method.

When you’re on the road, its not the best time to perform updates to your system anyway.  If something goes wrong you may not have access to resources to fix issues with even a legitimate update.

What if you’re on the road all the time?

This is where VPN software comes in handy.

I’ve blogged about my use of Witopia as a personal vpn provider.
If I was traveling for work, I could use my work VPN, however if your company doesn’t tunnel ALL traffic, you are still vulnerable.
Advanced users may choose to install a router at home which contains VPN server software to be able to VPN home.  Some newer routers support this functionality.

Staying safe on the internet requires vigilence.