Just in time for the 4 July Independence Day celebrations in the US, researchers from security firm Proofpoint has discovered a particularly nasty piece of malware targeting travel sites and directly affecting British tourists.
The discovery shows that popular travel destination websites for cities including Boston, Houston and Salt Lake City have been exploited and are serving malware to unsuspecting visitors. The malware is also particularly potent: it goes undetected by all but four out of the 51 antivirus products on Virus Total.
The attack infects any users who visit the sites, whether accidentally or after being directed through targeted phishing emails.
The malware's command-and-control infrastructure all appears to be based in Ukraine. When users visit one of these infected websites a web exploit kit is run that then downloads additional malware onto the users machine. The exploit version that is being used has very low detection rates with traditional antivirus solutions, so this is particularly dangerous for users.
Coordinated campaigns are also driving users to the infected websites to generate maximum impact for the cybercriminals behind the scam.
In response to the discovery, Proofpoint's Mike Horn said: "Since the attack started on July 3rd, and some of the web pages are promoting 4th of July activities, this attack appears to have been carefully timed to coincide with the US holiday season. It's likely that the websites have been compromised for some time, but the attackers were carefully planning their attack for maximum impact."
"This is a good example of how poorly protected websites play a big role in the distribution of malware. Users might be directed to these sites by a search engine and they have no idea that just by visiting the site they can become infected."