"Malware operators know in advance when targeted fat cats will check in and out."
Researchers have uncovered a seven-year-old malware operation that combines advanced cryptographic attacks, zero-day exploits, and well-developed keyloggers to target elite executives staying in luxury hotels during business trips.
The attackers behind "DarkHotel," as the advanced persistent threat has been dubbed, appear to know in advance when a targeted exec will check in and check out of a hotel. Victims are infected through a variety of methods, including bogus software updates for Adobe Flash, Google Toolbar, or other trusted software that are presented when the exec uses the hotel's Wi-Fi or wired Internet access.
In many cases, the attack code is signed with a trusted digital certificate that the attackers were able to clone by factoring the underlying 512-bit private key. While factoring weak 512-bit keys has been practical for several years, the crypto attack nonetheless is an "advanced" capability, particularly a few years ago. Taken together, the characteristics are an indication the operators have some sophistication, said researchers from Kaspersky Lab, the Russia-based security firm that disclosed the campaign.
Continued : http://arstechnica.com/security/2014/11/darkhotel-uses-bogus-crypto-certificates-to-snare-wi-fi-connected-execs/
Related :
Darkhotel APT Group Targeting Top Executives in Long-Term Campaign
Darkhotel espionage campaign targets corporate executives traveling abroad

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic