Parking Violation Notices Lead to Malware - HotHardware

Using a combination of social engineering and malicious software, attackers have come up with a novel way to get people to install malware on their computers, and it all starts with finding a flier on your car's windshield stating that your car is illegally parked. The fliers are fake, but they prey on people's fears by stating, "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted." These fake fliers started appearing on windshields in the Grand Forks, North Dakota area a few days ago.

Credit: SANS Institute
It is not clear how many vehicles were targeted or how many people wound up visiting the website listed on the flier. A victim who did visit the site would see photographs of cars parked in various places around Grand Forks and would be instructed to install a toolbar in order to search the site for a picture of his or her own vehicle. The application, PictureSearchToolbar.exe, is actually a Trojan, which McAfee identifies as Vundo.dldr!1231E9AC.

The Trojan installs a system DLL that gets "installed as an Internet Explorer Browser Helper Object (BHO)," which means the DLL is loaded into Internet Explorer every time the browser starts. When Internet Explorer is open, the DLL attempts to connect to "a domain with a bad reputation," according to the SANS Institute. Curiously, Symantec identifies the site as malicious, while McAfee does not. If the connection succeeds, a warning pops up stating that the computer is infected with malware and directs the user to a site to download and "install a fake anti-virus scanner." This fake scanner is itself malware of a type known as a dropper, whose purpose is to install still more malicious code. The SANS Institute's investigation ended there, so what happens next is unknown, but it is reasonable to assume that infected systems are exposed to data and identity theft.

Credit: SANS Institute

McAfee notes that since the Vundo.dldr!1231E9AC Trojan is "injected into common running processes like iexplore.exe [Internet Explorer], software based firewalls might not alert about outgoing connections made by the malware." Because the malicious code runs inside the browser's own process, its outbound request looks like ordinary Internet Explorer traffic, so a per-application software firewall that already trusts the browser will let it through without prompting; a software firewall alone therefore might not prevent the Trojan from reaching the questionable domain. McAfee also reports that this Trojan is detected by its DAT files as of 02/04/09.
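Both the BHO installation described above and the injection into iexplore.exe leave traces an administrator can check for directly. The PowerShell below is an added example, not code from HotHardware, SANS or McAfee: it enumerates the registered Browser Helper Objects, resolves each CLSID to the DLL Internet Explorer will load, reports whether that DLL carries a valid Authenticode signature, and then lists the modules currently loaded in any running iexplore.exe that are not signed by Microsoft. The registry paths are the standard BHO and COM registration locations; the function names are this example's own.

```powershell
# Added example (not from the article or the vendors cited in it).
# Run in an elevated PowerShell on the Windows host being examined.

# BHO registrations: native and, on 64-bit Windows, the WOW64 view used by 32-bit IE.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid  = $sub.PSChildName
            $server = $null
            # Resolve the CLSID to its in-process server, i.e. the DLL IE loads.
            foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\Wow6432Node') {
                $p = Join-Path $hive "CLSID\$clsid\InprocServer32"
                if (Test-Path $p) {
                    $server = (Get-ItemProperty $p).'(default)'
                    break
                }
            }
            $dll = if ($server) { [Environment]::ExpandEnvironmentVariables($server) } else { $null }
            $sig = if ($dll -and (Test-Path $dll)) {
                (Get-AuthenticodeSignature $dll).Status
            } else {
                'FileMissing'
            }
            [pscustomobject]@{
                CLSID     = $clsid
                Dll       = $dll
                Signature = $sig
            }
        }
    }
}

function Get-IexploreUnsignedModule {
    # Modules loaded into a live iexplore.exe that are not Microsoft-signed.
    # An injected or BHO-loaded Trojan DLL shows up here even when no firewall prompt fired.
    Get-Process -Name iexplore -ErrorAction SilentlyContinue | ForEach-Object {
        $pid_ = $_.Id
        $_.Modules | ForEach-Object {
            $s = Get-AuthenticodeSignature $_.FileName
            $signer = if ($s.SignerCertificate) { $s.SignerCertificate.Subject } else { '' }
            if ($s.Status -ne 'Valid' -or $signer -notmatch 'Microsoft') {
                [pscustomobject]@{
                    ProcessId = $pid_
                    Module    = $_.FileName
                    Status    = $s.Status
                    Signer    = $signer
                }
            }
        }
    }
}

"== Registered Browser Helper Objects =="
Get-BrowserHelperObject | Format-Table -AutoSize
"== Non-Microsoft modules in running iexplore.exe =="
Get-IexploreUnsignedModule | Format-Table -AutoSize
```

Any BHO whose DLL is unsigned, missing, or living outside the normal Program Files or System32 locations deserves a closer look, as does any unsigned module inside the browser process. A valid signature is not proof of innocence, and Vundo in particular is known for renaming its DLL, so treat this as a triage view rather than a verdict.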

This security issue was first made public by the SANS Institute in a blog entry by Lenny Zeltser, who is "a member of the Board of Directors at SANS Technology Institute and a senior faculty member at SANS." In the blog, he summarizes this security issue this way:

"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often."

It's anyone's guess as to what other "physical world"-based scenarios will pop up that will lead users to online threats. Perhaps the only words of warning we can provide are to use security software, make sure your security software is up to date, and be suspicious and skeptical of any unknown site.

Vundo is one of the most god-awful pieces of Trojan-horsery I've seen. I got it via a drive-by download and it took me a full week to find a combination of software that could kill it. My AV caught it on the way in and quarantined the file, but I STILL got infected. Needless to say, I fired that turd of a "protection suite". It attaches itself to the Windows login process and changes its associated file names in the dll directory and registry, thus making removal very difficult.

I'd like to find the person/people who coded that and do very very bad things to him/her/them.


My question is what dummy sees a flier and thinks "hmmm...must be a ticket...even though there is no fine, officer name, time or date on it. Let me check out this non-DMV or court related website to see why I don't have a fine listed here?"


Savage Animal:

My question is what dummy sees a flier and thinks "hmmm...must be a ticket...even though there is no fine, officer name, time or date on it. Let me check out this non-DMV or court related website to see why I don't have a fine listed here?"

Exactly what I was thinking.


Savage Animal:

My question is what dummy sees a flier and thinks "hmmm...must be a ticket...even though there is no fine, officer name, time or date on it. Let me check out this non-DMV or court related website to see why I don't have a fine listed here?"

The same people who think that they are going to get 5 million from some Nigerian prince... lol


wow, that's interesting.

Parking Violation! Visit this website to see pictures? lol
