David Baxter PhD
Late Founder
Your Car, Yet Another Way to Spread Malware
MX Logic IT Security Blog
05 February 2009
Here's a great story about social engineering from the folks over at the Internet Storm Center that originates with fake parking tickets being placed on car windshields. The recipient of the "ticket" is then asked to visit a website to get more information about the ticket. When the "offender" visits the web site, they would see photos of various cars parked in parking lots.
The article gives much more detailed information about how the plan was carried out and some of the technical analysis of the malware, if you are interested.
Although the lure used by putting a fake parking ticket on someone's car is certainly something new and different (and probably duped a few people). Based on the description of the behavior of the BHO that was installed where it tries to get users to download a fake antivirus application, this tactic sounds very similar to the Confickr/Downadup botnet that has received quite a bit of press lately although no definitive link has been made yet between the two. One would guess that there was some customization of the malware that users were downloading that would benefit the person who was placing the "tickets" as this method of social engineering is clearly not conducive to wide scale infection.
MX Logic IT Security Blog
05 February 2009
Here's a great story about social engineering from the folks over at the Internet Storm Center that originates with fake parking tickets being placed on car windshields. The recipient of the "ticket" is then asked to visit a website to get more information about the ticket. When the "offender" visits the web site, they would see photos of various cars parked in parking lots.
The article gives much more detailed information about how the plan was carried out and some of the technical analysis of the malware, if you are interested.
Although the lure used by putting a fake parking ticket on someone's car is certainly something new and different (and probably duped a few people). Based on the description of the behavior of the BHO that was installed where it tries to get users to download a fake antivirus application, this tactic sounds very similar to the Confickr/Downadup botnet that has received quite a bit of press lately although no definitive link has been made yet between the two. One would guess that there was some customization of the malware that users were downloading that would benefit the person who was placing the "tickets" as this method of social engineering is clearly not conducive to wide scale infection.
