Malware Spreading Via ... Windshield Fliers?
wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."
That is pretty clever... (Score:5, Interesting)
And then you add in people who are from out of town, who would much rather not have to go back to your city to deal with a ticket...
Re:Clever idea... (Score:3, Interesting)
Depends on how many people actually pay the fine.
Should be pretty easy to stop (Score:3, Interesting)
Oh, wait. Registrar accreditation is handled by these bumbling idiots. And how many ISPs that offer hosting services respond to much of anything?
Re:Clever idea... (Score:3, Interesting)
Ah, but have you ever seen those 5 cent plastic signs advertising DatingIn.com? Somebody local to you nails/stakes those (and probably all those other signs) and they do it for stupid cheap.
Ad agencies realized people will put those up for a pittance if you didn't care where they went, just wherever someone was already going for work/shopping/etc. And those things are everywhere.
Heaven help us if they were to get the idea to give the homeless a bottle of rotgut and a pad of these malware tickets. It'd be like covering your car with post-its.
Re:A virus I'd actually fall for (Score:5, Interesting)
Re:Who reads those things anyway? (Score:5, Interesting)
1. You are parked legally
2. Everybody else has these "tickets"
I've gotten tickets when I was parked legally and successfully contested them. All the other cars on the block were also incorrectly ticketed at the same time - apparently a cop misunderstood the parking rules, or didn't know how to operate a watch.
Furthermore, given the city's trend of contracting out ticketing, the fact that the URL pointed to some third party website and not a subdomain of the city or county sites wouldn't have set off any red flags either (although one hosted in the Czech Republic would :). The red-light tickets we get in the mail today direct you to the website of the contracted company and not to the city website.
Re:Clever idea... (Score:5, Interesting)
Depends on where you target your fliers. Put 'em around city hall, and you may be able to get some schmuck to compromise their internal network. Or a bank, or a big company, etc, etc.
That would be the big advantage of being able to geographically target your scam.
Re:That is pretty clever... (Score:4, Interesting)
Not always.
In Eugene, Oregon, for instance, much of the parking is contracted out to a company called Diamond, which has the authority to issue tickets.
These tickets have no phone numbers on them, though they do include an address to mail your payment to.
There seems to be no way of contesting the tickets, either, which was annoying a while back when I got a ticket about a minute before the time had expired.
Re:Clever idea... (Score:5, Interesting)
Sure, some security testing firms have already added "leave trojaned USB sticks in the parking lot" to their list of tests.
Slap these on cars before lunch; everyone who goes out to lunch will probably check the URL when they get back on their work computer.
Re:Neat but.. (Score:5, Interesting)
Except in the UK, where it's a public servant with little or no training who, in some instances, actually has more power than a real police officer.
Re:Neat but.. (Score:4, Interesting)
Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while. Especially if the 'objections' site informed you that there was a substantial backlog of cases, which had to be evaluated, parameterized and prioritised. ("and we hope to get back to you before the one month follow up or discard period has passed.") It should be good for two weeks of Paypal heaven. Of course the flier distributor would be caught on video, and identified as wearing a sort of uniform with dayglo highlights including a cap and sunglasses, but hey, it's a clue, isn't it.
The other worthwhile bit would be advertising. Being caught doing something illegal has your attention. Wow, what an attention grabbing gift. You actually are likely to read the flier. Going to a site www.payubastards.com would be sufficient warning that you are not in standard territory. Opening page tells you that you are (1) a miscreant and (2) so what, rip up the notice and enjoy the site, brought to you by
Of course, city councils would be furious at the disrespect and would find something illegal about it. But if the site poked fun at council misspending and other idiocies, the shut-down could become politically expensive. Political change could be the real objective of the fliers.
Re:Neat but.. (Score:5, Interesting)
Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while.
Someone did that for a while in Madison, WI:
http://www.madison.com/tct/news/stories/302436
His trial begins on the 19th.
Re:A virus I'd actually fall for (Score:3, Interesting)
Which suggests the best way to distribute these might be to go near some touristy place and put these on cars with out of state plates.
Re:A virus I'd actually fall for (Score:3, Interesting)
I suppose that in a certain way, many Linux distributions help with this. They condition users only to install applications from the software repositories.
Package managers do not need to be exclusive to Linux. It might be a positive thing for Microsoft to create a package management system of "trusted" programs and force all other executables to be run in a sandbox.
Re:Neat but.. (Score:3, Interesting)
Do you think the little kid is going to take a felony spot for a $40 bag of weed? Hell no, he is going to rat you out in a heartbeat when someone ID's them off the corporate office's parking lot surveillance camera footage.
Tickets on Illegally parked Cop cars (Score:1, Interesting)
They should put some of those parking tickets on cop cars. See how many cops fall for it!