Original URL: http://www.theregister.co.uk/2009/02/05/car_flyer_malware_bait/

Fake parking tickets lead unwary to malware

Fluttery paper route to online scam

By John Leyden

Posted in Security, 5th February 2009 11:30 GMT

Hackers are using fake parking violation warnings to trick motorists into visiting malware-infested websites.

The innovative social engineering trick was pulled off in Grand Forks, North Dakota using windshield fliers with a website address linked to a booby-trapped website. The fliers said:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]

Drivers visiting the website were coaxed into installing a browser helper object (spyware component) for IE. Attempts are also made to frighten or coerce surfers into installing fake anti-virus scanner packages.

Lenny Zeltser, an anti-virus analyst at the SANS Institute, comments: "Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often."

SANS has a write-up of the attack, include screenshots and pictures, here. ®