Trojan Attacks Via Parking Violation Notices

Cybercriminals took their malware to the streets in Grand Forks, N.D., where some motorists recently found parking violation notices on their windshields instructing them to visit a URL to view photos of their purported infraction. The phony parking tickets contained a malicious URL that requires them to download a toolbar, which is actually a Trojan.

The "toolbar" shows photos of parked cars in the area; the user is prompted with a pop-up with a fake security alert, attempting to lure the victim into installing phony antivirus software to clean up their machine.

"The malicious programs were run-of-the-mill; however, the use of flyers was an innovative way of social-engineering potential victims into visiting a malicious website," said Lenny Zeltser, a SANS Internet Storm Center analyst in a blog post on the attack.

Zeltser, who analyzed the malware and the attack, says the initial malware is automatically installed as a browser helper object for Internet Explorer. It then downloads code from a notoriously bad domain that's well-known among security researchers (childhe.com), and then uses the fake security alert to trick the victim into installing more malware.

"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often," Zeltser blogged

Source