The yellow tickets found on the cars in Grand Forks, North Dakota, read "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to" and gave a Web site, according to a blog posting on the SANS Internet Storm Center site.
The site referenced shows photos of cars in parking lots in that town and prompts the visitor to download a toolbar to see purported photos of the ticketed car. Downloading the executable installs a Trojan and displays a fake security alert when the system is rebooted. The fake alert prompts the computer user to install a fake anti-virus scanner, SANS said.
"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," wrote SANS analyst Lenny Zeltser.
McAfee's Avert Labs Blog identified the Trojan as Vundo.
The Web site listed on the fake parking citations urges drivers to download a toolbar to find a photo of their car but installs a Trojan instead.
(Credit: SANS, McAfee)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. Original here
No comments:
Post a Comment