The yellow tickets found on the cars in Grand Forks, North Dakota, read "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to" and gave a Web site, according to a blog posting on the SANS Internet Storm Center site.
The site referenced shows photos of cars in parking lots in that town and prompts the visitor to download a toolbar to see purported photos of the ticketed car. Downloading the executable installs a Trojan and displays a fake security alert when the system is rebooted. The fake alert prompts the computer user to install a fake anti-virus scanner, SANS said.
"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," wrote SANS analyst Lenny Zeltser.
McAfee's Avert Labs Blog identified the Trojan as Vundo.
Original here
No comments:
Post a Comment