Worried about that virus, I am. Checked with this site: https://www.ssllabs.com/ssltest/index.html and Marriott.com is vulnerable. Of course this site updates the stats on a moment to moment basis but at this juncture seems to me that a password change is in order.
Just my thoughts and I am far from an IT geek!
Here is the SSL report
This server is not vulnerable to the Heartbleed attack. (Experimental)