Followers

Thursday, February 5, 2009

Fake parking tickets direct to malicious Web site

Posted by Elinor Mills

In a scary online-offline Internet scam, hybrid cars in North Dakota have been tagged with fake parking citations that include a Web address hosting malicious software that drops a Trojan onto the computer.

The yellow tickets found on the cars in Grand Forks, North Dakota, read "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to" and gave a Web site, according to a blog posting on the SANS Internet Storm Center site.

The site referenced shows photos of cars in parking lots in that town and prompts the visitor to download a toolbar to see purported photos of the ticketed car. Downloading the executable installs a Trojan and displays a fake security alert when the system is rebooted. The fake alert prompts the computer user to install a fake anti-virus scanner, SANS said.

"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," wrote SANS analyst Lenny Zeltser.

McAfee's Avert Labs Blog identified the Trojan as Vundo.

The Web site listed on the fake parking citations urges drivers to download a toolbar to find a photo of their car but installs a Trojan instead.

(Credit: SANS, McAfee)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

Original here

No comments: