Hoax parking tickets lead to Trojan

Fake traffic violation tickets direct the recipients to a Web site that claims to have photographic evidence of the alleged violation

Hackers are using hoax parking tickets planted on vehicles in the U.S. as a way of spreading malicious viruses.

According to the security experts, the traffic violation tickets that were placed on cars directed the recipients to a Web site that claims to have photographic evidence of the alleged violation. Web users are encouraged to download a toolbar to find the images of their vehicle.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

However, the toolbar installs the Vundo Trojan, which in turn in stalls a fake virus scanner onto a PC.

Vehicles in Grand Forks, North Dakota, were the targets for this new type of fraud.

"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," said SANS anti-virus analyst Lenny Zeltser on a blog.

Zlester said he thought it was the first-time hackers had resulted to scams that covered both the Web and the real world.

"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often," he said.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies