Malware Spreading Via ... Windshield Fliers?

← Back to Stories (view on slashdot.org)

Malware Spreading Via ... Windshield Fliers?

Posted by timothy on Wednesday February 4, 2009 @06:12AM from the right-at-home-with-the-bug-guts dept.

wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."

207 comments

Min score:

Reason:

Sort:

Neat but.. by Dyinobal · 2009-02-04 06:14 · Score: 5, Insightful

As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.
1. Re:Neat but.. by bensafrickingenius · 2009-02-04 06:16 · Score: 5, Funny
  
  Absolutely. And just think of actually having the chance to get your hands on one of those assholes. My god, the frustrations I could take out on him!
  
  --
  I am not left-handed, either!
2. Re:Neat but.. by Anonymous Coward · 2009-02-04 06:30 · Score: 5, Funny
  
  My god, the frustrations I could take out on him!
  Also, we could use violence.
3. Re:Neat but.. by Captain+Spam · 2009-02-04 06:33 · Score: 5, Insightful
  
  Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for, not a malicious malware author/user hiding in an apartment somewhere while his freshly-hired lackeys unwittingly do his bidding.
  So unfortunately, catching the guy distributing the fliers wouldn't do you any good, unless you're really THAT upset with the practice of windshield fliering in the first place.
  The fake parking tickets, though, those are probably illegal in and of themselves, and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity, so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.
  
  --
  Demanding constant attention will only lead to attention.
4. Re:Neat but.. by GradiusCVK · 2009-02-04 06:36 · Score: 1
  
  Just mention "spam" and no jury would convict you. May not be entirely accurate, but how many average jurists would know?
5. Re:Neat but.. by pclminion · 2009-02-04 06:37 · Score: 3, Insightful
  
  Some homeless person who some random dude paid $20 to slap a bunch of fliers on cars is going to help you how?
6. Re:Neat but.. by poot_rootbeer · 2009-02-04 06:37 · Score: 1
  
  just think of actually having the chance to get your hands on one of those assholes
  Obviously the jerk walking around town putting fake parking tickets on cars isn't going to be the ringmaster of the operation. He's going to be just some guy trying to make a few dollars.
  I'd like to think that enough people are moral enough to know that this is wrong, and the rest will figure it out after being arrested for impersonating a police officer, that the efficacy of this infection vector will quickly fall to zero.
7. Re:Neat but.. by moderatorrater · 2009-02-04 06:49 · Score: 1
  
  It'll lead you to someone who got paid a little money to do it but has no idea who the actual person who paid them is. At the most they'll catch one or two of the people who are actually behind the scheme, the rest will all be people who just wanted a quick job that paid a few bucks.
8. Re:Neat but.. by Neanderthal+Ninny · 2009-02-04 06:52 · Score: 1
  
  Correct. With those video cameras they have at most shopping places now they can look the video who did and catch them this way. However, this will inspire copycats to do more of this crap at other places so we need to be more wary of things we get from any source, including "official" look parking tickets.
  If in doubt go to the place where you shop and talk to them direct about the "ticket" so you can find out if it for real.
9. Re:Neat but.. by Smidge204 · 2009-02-04 06:53 · Score: 4, Funny
  
  Phase 1: Pose as college student looking to make a few bucks
  Phase 2: Get to know person distributing the fliers to students
  Phase 3: Stand trial for aggravated assault with no regrets.
  =Smidge=
10. Re:Neat but.. by agnosticanarch · 2009-02-04 06:59 · Score: 1
  
  Except that the guy you catch was probably paid cash (or a crack rock) by "some other guy" to put those on cars. I know that if _I_ were doing that, I wouldn't be the one with the paper in hand on the street... Just sayin'.
  ~AA
  
  --
  I contend that we are both atheists. I just believe in one fewer god than you do.
11. Re:Neat but.. by Anonymous Coward · 2009-02-04 07:14 · Score: 0
  
  As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.
  He's probably just some schmuck paid a couple bucks in cash to put fliers on windshields.
  But, we could waterboard him until he gives up the ringleaders.
12. Re:Neat but.. by Cynonamous+Anoward · 2009-02-04 07:19 · Score: 5, Funny
  
  Phase 1: Pose as college student looking to make a few bucks
  Phase 2: ???
  Phase 3: PROFIT!!!
  There, fixed that for you.
  
  --
  "The GPL is viral by design, like any good religion."
13. Re:Neat but.. by skuzzlebutt · 2009-02-04 07:26 · Score: 1
  
  VirtuaMod: +1
  
  --
  My debut novel AMITY now available: http://jeremydbrooks.c
14. Re:Neat but.. by Opportunist · 2009-02-04 07:42 · Score: 1
  
  Not in every country policemen hand out parking tickets. More often than not it's just some "public servant" with little to no training and certainly no executive power.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re:Neat but.. by dmomo · 2009-02-04 07:43 · Score: 1
  
  Agreed. Of course, the next step will be for the malware creator to obscure themselves from the "flier" person. Easy enough, I suppose. Malware provider pays via paypal and has an anonymous scout verifying that the "flier person" is actually doing their job. The person putting the fliers may not even know that what they are doing is bad.
16. Re:Neat but.. by Anonymous Coward · 2009-02-04 07:43 · Score: 0
  
  Now, /. does not endorse vigilante violence. Unless it gets results... which it *will*.
17. Re:Neat but.. by Tubal-Cain · 2009-02-04 07:45 · Score: 1
  
  Some homeless person...is going to help you how?
  Another $50 should get you a place and time.
18. Re:Neat but.. by hayesk · 2009-02-04 07:49 · Score: 1
  
  Unfortunately, you're more likely to catch a kid that was paid $5 by someone to do the entire parking lot. The real guy is home at his computer.
19. Re:Neat but.. by TrippTDF · 2009-02-04 07:49 · Score: 1
  
  This seems like more of a kids prank, really. Unless you have a network of people around the country / world doing the same thing, you're only going to effect a very small number of people. You can't do this to build a botnet, which seems to be the goal of most virus writers these days.
20. Re:Neat but.. by cthulu_mt · 2009-02-04 07:52 · Score: 2, Funny
  
  I think that's how Gov. Spitzer's girlfriend got started.
  
  --
  Virginia is for lovers. EVE is for griefers.
21. Re:Neat but.. by Anonymous Coward · 2009-02-04 07:54 · Score: 4, Insightful
  
  unless you're really THAT upset with the practice of windshield fliering in the first place.
  
  Yes, I am. There are certain behaviors everyone should know are asshattery. Being a "poor college student" does not make it okay to take a job being a total jerk (telemarketing, spammer, virus writer, and the person who sprays people unasked with perfume).
22. Re:Neat but.. by Anonymous+Cowpat · 2009-02-04 07:58 · Score: 4, Interesting
  
  Except in the UK, where it's a public servant with little or no training who, in some instances, actually has more power than a real police officer.
  
  --
  FGD 135
23. Re:Neat but.. by bornwaysouth · 2009-02-04 08:02 · Score: 3, Interesting
  
  What a waste of an idea. I don't understand why they were messing about with such a low payback as malware. Spam relies on say a 0.1% success rate, but millions of fliers. Physical fliers are too costly.
  
  Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while. Especially if the 'objections' site informed you that there had a substantial backlog of cases, and had to be evaluated, parameterized and prioritised. ("and we hope to get back to you before the one month follow up or discard period has passed.) It should be good for two weeks of Paypal heaven. Of course the flier distributor would be caught on video, and identified as wearing a sort of uniform with dayglo highlights including a cap and sunglasses, but hey, its a clue isn't it.
  
  The other worthwhile bit would be advertising. Being caught doing something illegal has your attention. Wow, what an attention grabbing gift. You actually are likely to read the flier. Going to a site www.payubastards.com would be sufficient warning that you are not in standard territory. Opening page tells you that you are (1) a miscreant and (2) so what, rip up the notice and enjoy the site, brought to you by ....
  
  Of course, city councils would be furious at the disrespect and would find something illegal about it. But if the site poked fun at council misspending and other idiocies, the shut-down could become politically expensive. Political change could be the real objective of the fliers.
24. Re:Neat but.. by Intron · 2009-02-04 08:05 · Score: 2, Funny
  
  More likely it was someone who got an email with the subject:
  MAKE THOUSANDS OF DOLLARS IN YOUR SPARE TIME!!!!!
  
  --
  Intron: the portion of DNA which expresses nothing useful.
25. Re:Neat but.. by Kleen13 · 2009-02-04 08:20 · Score: 1
  
  Nah, it'd be some 10 year old who did it for a $20 or something.
  
  --
  That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
26. Re:Neat but.. by Thaelon · 2009-02-04 08:22 · Score: 0, Redundant
  
  He'll tell you who paid him to do it for $25.
  
  --
  Question everything
27. Re:Neat but.. by Anonymous Coward · 2009-02-04 08:27 · Score: 0
  
  Quantum computing is a bit weird
  So was your post.
28. Re:Neat but.. by drinkypoo · 2009-02-04 08:39 · Score: 1
  
  Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for,
  Is it time to invoke Godwin's law yet?
  
  The fake parking tickets, though, those are probably illegal in and of themselves
  So are the fliers.
  
  and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity
  They have to litter to put a flyer on someone else's car. Depending on where you are it might be considered vandalism, esp. if you do it on a rainy day and it dries on and the owner has to expend actual effort (no matter how slight) if they are annoyed enough with you. But it's not like they put a lot of effort into running down the flyer-appliers of the world.
  
  so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.
  The parking tickets are more illegal, because applying them is probably in and of itself considered to be impersonating a police officer. (At least, it's extremely easy to construct such an argument, which I leave as an exercise to anyone at least five years old and equipped with a functioning imagination. I doubt anyone else is reading this comment.)
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
29. Re:Neat but.. by Anonymous Coward · 2009-02-04 08:50 · Score: 1, Informative
  
  Some homeless person...is going to help you how?
  Another $50 should get you a place and time.
  Damn you must not haggle much. I could get it out of them for $5 and a can of White Lightning.
30. Re:Neat but.. by 91degrees · 2009-02-04 09:03 · Score: 1
  
  He'll be able to give you a description of the random dude. Possibly a name and an address.
31. Re:Neat but.. by 1729 · 2009-02-04 09:04 · Score: 4, Interesting
  
  Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while.
  Someone did that for a while in Madison, WI:
  http://www.madison.com/tct/news/stories/302436
  His trial begins on the 19th.
32. Re:Neat but.. by pasv · 2009-02-04 09:16 · Score: 4, Insightful
  
  My god, the frustrations I could take out on him!
  Also, we could use violence.
  Do you think the people putting these flyers on cars are the real authors. i could just as easily pay some little kid 40 bux worth of weed to go around that parking lot of that nice corporate office over there and put these flyers out :P
33. Re:Neat but.. by trum4n · 2009-02-04 09:17 · Score: 1, Redundant
  
  We here only endorse violence against the RIAA and M$.
34. Re:Neat but.. by Nick+Ives · 2009-02-04 09:24 · Score: 3, Informative
  
  Indeed. I remember hearing about a Nigerian 419 scammer who got hold of a lad with learning difficulties in America. After he fleeced him for all he could get he gave him a job funneling money from other marks. He had a lot more success because people thought he had a genuine presence in the USA. The poor kid thought he had an honest job and was going to get paid "any day now"...
  
  --
  Nick
35. Re:Neat but.. by joeysmith · 2009-02-04 11:13 · Score: 1
  
  Also, we could use violence.
  You're Doing It Wrong (TM)
36. Re:Neat but.. by John+Hasler · 2009-02-04 12:23 · Score: 2, Insightful
  
  > So unfortunately, catching the guy distributing the fliers wouldn't do you any good...
  He knows who he got the flyers from.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
37. Re:Neat but.. by Anonymous Coward · 2009-02-04 12:31 · Score: 0
  
  I just had three teeth pulled and this made me laugh. Bravo.
38. Re:Neat but.. by Anonymous Coward · 2009-02-04 12:40 · Score: 0
  
  Are Zack and Miri making another porno?
  That's the impression I get from your fix'd list of steps.
39. Re:Neat but.. by pclminion · 2009-02-04 13:48 · Score: 1
  
  Because the guy surely gave his name, and made sure he was easily recognized?
  It's not hard to make yourself look nondescript.
40. Re:Neat but.. by mysidia · 2009-02-04 14:11 · Score: 1
  
  The people putting them on windshields are probably just naive guerilla marketers who are hired by the real bad guys.
  They may even be people who have fallen for a "make money quick" scam. Where for every visitor to the site, they are supposed to get a payment.
  I can think of quite a few permutations where the people pushing the fliers are ignorant to their contents, or the fact the URL contains malware, and are totally innocent (other than passing "ads" out with a URL they don't know about).
41. Re:Neat but.. by Anonymous Coward · 2009-02-04 14:15 · Score: 0
  
  yeah it's on the web so it must be true.... doubt value of acquisition a compromised system justifies the cost of $ flyer + $ distribution + $ risk of getting caught.
  I call BS on this.
42. Re:Neat but.. by sumdumass · 2009-02-04 15:59 · Score: 2, Interesting
  
  Do you think the little kid is going to take a felony spot for a $40 bag of weed? Hell no, he is going to rat you out in a heart beat when someone ID's them off the corporate office's parking lot surveillance camera footage.
43. Re:Neat but.. by ResidntGeek · 2009-02-04 16:11 · Score: 2, Insightful
  
  Yes, it does. I care much more about being able to buy ramen than I do about your dinner not being interrupted, or your email inox having a few viagra ads in it. I fully expect other people to have the same priorities.
  
  --
  ResidntGeek
44. Re:Neat but.. by Anonymous Coward · 2009-02-04 17:15 · Score: 0
  
  Ahhh, the Jack Bauer approach.
45. Re:Neat but.. by sponga · 2009-02-04 19:45 · Score: 1
  
  It's not that hard to pay some day laborer hanging out in front of Home Depot to dispense these all around.
  Guy who doesn't speak english very well and is afraid of being deported, change them up every couple days.
  Shit I did this stuff when I was a kid to get AOL accounts so that I would be able to get on the internet, leave the discs around and sure enough I would have a couple dozen emails of AOL username/passwords in my hotmail ready to use.
46. Re:Neat but.. by Anonymous Coward · 2009-02-04 22:21 · Score: 0
  
  Why do we never see endorsements like this on comedians' DVD's? They need to make up some better ones.
47. Re:Neat but.. by mokumegane · 2009-02-05 00:40 · Score: 1
  
  I hope they wore gloves while they handled the papers or they're going to be in jail sooner than they think! :o Well, actually, I don't hope they used gloves because I'd rather they were in jail sooner than they thought lol...
48. Re:Neat but.. by mokumegane · 2009-02-05 00:42 · Score: 1
  
  Do you think the people putting these flyers on cars are the real authors. i could just as easily pay some little kid 40 bux worth of weed to go around that parking lot of that nice corporate office over there and put these flyers out :P
  Aaaaannnddd the police can get out of said kid who gave them the money to do it. The younger, the easier.
49. Re:Neat but.. by mokumegane · 2009-02-05 00:48 · Score: 1
  
  unless you're really THAT upset with the practice of windshield fliering in the first place.
  
  Yes, I am. There are certain behaviors everyone should know are asshattery. Being a "poor college student" does not make it okay to take a job being a total jerk (telemarketing, spammer, virus writer, and the person who sprays people unasked with perfume).
  Omg, I can't stand the perfume sprayers! You know, some people are allergic to that crap... One time, I walked out of a store with little, teeny, red dots all over me. It was like I got chewed to death by a puppy or something... only REALLY itchy!
50. Re:Neat but.. by jonbryce · 2009-02-05 01:48 · Score: 1
  
  They aren't public servants. They work for private mercenaries like APCOA and NCP.
51. Re:Neat but.. by Anonymous Coward · 2009-02-05 07:54 · Score: 0
  
  Offer said homeless dude some Jack Daniel's. You'll get some help REALLY quick.
Clever idea... by O('_')O_Bush · 2009-02-04 06:17 · Score: 4, Insightful

but I can't seriously imagine this being a widespread problem.

Maybe a few people in a town would end up affected, but the cost in time/effort required to trap victims is impractical considering what a simple email can do.

--
while(1) attack(People.Sandy);
1. Re:Clever idea... by IamGarageGuy+2 · 2009-02-04 06:23 · Score: 4, Insightful
  
  Maybe this is supposed to be a local infection by design. Maybe to attack a local business or gov. office. Anybody have any ideas of how a local ip could be used to attack something?
  
  --
  Stay tuned for new sig...
2. Re:Clever idea... by John+Hasler · 2009-02-04 06:26 · Score: 2, Interesting
  
  Depends on how many people actually pay the fine.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:Clever idea... by Zerth · 2009-02-04 06:29 · Score: 2, Interesting
  
  Ah, but have you ever seen those 5 cent plastic signs advertising DatingIn.com? Somebody local to you nails/stakes those(and probably all those other signs) and they do it for stupid cheap.
  Ad agencies realized people will put those up for a pittance if you didn't care where they went, just wherever someone was already going for work/shopping/etc. And those things are everywhere.
  Heaven help us if they were to get the idea to give the homeless a bottle of rotgut and a pad of these malware tickets. It'd be like covering your car with post-its.
4. Re:Clever idea... by MWDrexel · 2009-02-04 06:35 · Score: 1
  
  Or a specific individual?
5. Re:Clever idea... by Anonymous+Monkey · 2009-02-04 06:40 · Score: 1
  
  I think with the right labor pool and right area this could very troublesome. Get homeless people to do the leg work, and target major metropolitan areas like New York, San Francisco, and LA. Also if you have a few rootkits waiting on the other side of the URL you could propagate to Linux and Mac machines as well.
  
  --
  We are the Borg...
6. Re:Clever idea... by SatanicPuppy · 2009-02-04 06:40 · Score: 4, Interesting
  
  Depends on where you target your fliers. Put 'em around city hall, and you may be able to get some schmuck to compromise their internal network. Or a bank, or a big company, etc, etc.
  That would be the big advantage of being able to geographically target your scam.
  
  --
  ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
7. Re:Clever idea... by Zerth · 2009-02-04 06:51 · Score: 5, Interesting
  
  Sure, some security testing firms have already added "leave trojaned USB sticks in the parking lot" to their list of tests.
  Slap these on cars before lunch, everyone who goes out to lunch will probably check the url when they get back on their work computer.
8. Re:Clever idea... by Hyppy · 2009-02-04 07:14 · Score: 1
  
  Get enough local IPs, and you could mount an extremely effective DDOS attack over underutilized peering lines between the local ISPs.
9. Re:Clever idea... by Anonymous Coward · 2009-02-04 07:29 · Score: 0
  
  Yes! Using the local IP of 127.0.0.1 (very very local) you can do tremendous damage! Be careful!
10. Re:Clever idea... by Sleepy · 2009-02-04 07:32 · Score: 1
  
  >Anybody have any ideas of how a local ip could be used to attack something?
  Well, if you want to make ad money you would change the "DNS server" field on the gateweay router. Most clueless router installs use default admin passwords. Then all your LAN PC's would be using the alternate DNS servers...
  You could also troll the inside RFC1918 netspace, and scp random documents found on a fileserver that grants "guest" logins.
11. Re:Clever idea... by GravityStar · 2009-02-04 07:33 · Score: 1
  
  Odd. Why haven't those ad agencies not been sued? Or just plain and simple fined? I would never get away with anything like that here. (Europe)
12. Re:Clever idea... by MiniMike · 2009-02-04 08:58 · Score: 1
  
  Somebody should print up and distribute signs like that (dating services, work at home, free govt. money, etc) that all lead to Windows update. It's the only way many Windows users will ever see it, and it might solve a lot of these other problems.
  Plus, Microsoft would think they were being DDOS'd when everyone who runs Windows actually updated.
13. Re:Clever idea... by 91degrees · 2009-02-04 09:08 · Score: 1
  
  You're still looking at orders of magnitude more expensive than email. You'll only get a thousand or so for paying someone a couple of hours minimum wage. In the same amount of time, a computer can send millions of emails.
  
  Not saying this isn't going to work, just pointing out that you'd need several orders of magnitude higher response rate than email malware to make a profit.
14. Re:Clever idea... by Zerth · 2009-02-04 09:16 · Score: 1
  
  For the same reason you need a spam filter. That kind of ad agency exists only as a rented postbox, and if you were to track them down, they'd disclaim any relationship to the person posting them.
  If given proof they had ever interacted, they'd say the person was "at best, only a contractor", or they "fired them long ago for breaking the law".
15. Re:Clever idea... by Zerth · 2009-02-04 10:12 · Score: 1
  
  They get an order or two of magnitude more exposure. They can spam you without knowing your email! Or a computer, for that matter, as long as you have access at school, work, library, or cafe.
  And if your area isn't particularly OCD about removing signage, the $.05 or $.10 it cost them can last for weeks, hitting thousands of people in high traffic areas, bringing the effective cost/person back down into the email range.
  And they get all kinds of information from you that you wouldn't get from email, like your physical location when you saw the sign, approximately how long the sign has been up, a rough estimate of traffic of a certain kind in that area, etc.
  If I didn't think they were littering scumsuckers of the same moral standings as spammers, I'd almost admire it.
16. Re:Clever idea... by jonbryce · 2009-02-05 01:55 · Score: 1
  
  But the vast majority of these emails get binned / ignored. How effective can they actually be these days when pretty much everyone knows about them and gets hundreds of them per day?
A virus I'd actually fall for by pwnies · 2009-02-04 06:18 · Score: 4, Insightful

What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop ups and stuff are easy enough to ignore, but what about local flies for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
1. Re:A virus I'd actually fall for by zappepcs · 2009-02-04 06:24 · Score: 5, Funny
  
  welcome to the world of personal computing! Now that you've made the decision to dedicate at least some part of your life to staring at a screen and tapping on a keyboard, you should know that we (The Internets) have been working hard to make your computing experience as exciting as possible.
  Everyday you will have to learn more and more about computing just to keep up with trends, and if that isn't enough, we have some software coders that want to play a game with you. It's called "Show me your password and finance details" and is such an exciting game you will soon forget all about Zelda. Never mind looking for the hidden doors or avoiding poisonous frogs. In this game, every key you touch could be the one that causes you to lose.
  We also have many other options to fill your time. We're glad you are here, enjoy computing in the Internets.
  Sincerely,
  I.M. Rogue
  
  --
  Support NYCountryLawyer RIAA vs People
2. Re:A virus I'd actually fall for by morgan_greywolf · 2009-02-04 06:27 · Score: 2, Insightful
  
  What scares me most is that this style of distribution is something I'd actually fall for.
  How so? Anytime I get a prompt to install anything from a website I'm not expecting, especially on Windows, I tell it no. Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.
  
  --
  My blog
3. Re:A virus I'd actually fall for by Guiness17 · 2009-02-04 06:29 · Score: 5, Interesting
  
  Agreed, I could've fallen for this myself. I got a ticket about a year ago in a city I didn't live in, and lo and behold, it had a website on it for paying online. Ticket looked official, but on second thought, I couldn't be sure, having never seen one from that city before. I blindly typed in the URL... I'd like to believe I would have picked off a phishing scam, but still, I took the first step.
  
  --
  Imagine for a moment a world without hypothetical situations...
4. Re:A virus I'd actually fall for by RiotingPacifist · 2009-02-04 06:31 · Score: 1
  
  erm if a band/buisness/etc need me to install an EXE im not using it. there are plenty of safe mediums to exchange with unkown people, mp3, pdf/image formats. while these attacks are more devious it still fails to computer literate common sense, "why would i need to install something to..."
  
  --
  IranAir Flight 655 never forget!
5. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 06:44 · Score: 0
  
  Using noscript would be a fairly easy solution to completely stop this in its tracks.
6. Re:A virus I'd actually fall for by sexconker · 2009-02-04 07:06 · Score: 1
  
  Just don't go to www.17shittyemoband.com, just like you don't go to 54makethemoney.com when the tv tells you to.
7. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 07:12 · Score: 0
  
  What scares me most is that this style of distribution is something I'd actually fall for.
  How so? Anytime I get a prompt to install anything from a website I'm not expecting, especially on Windows, I tell it no. Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.
  Sadly you are in a minority.
  This is a clever if limited ruse. I'm sure varaints will crop up time and time again though.
8. Re:A virus I'd actually fall for by pentalive · 2009-02-04 07:16 · Score: 1
  
  Easy..
  1) if it is not a parking ticket - Ignore it. I don't do business with that sort of business.
  2) if it is a parking ticket. Don't go to the site, go to the most logical traffic court - take a day off from work. If it's real you can pay your fine or whatever. If it's not - hey at least you get a day off from work.
9. Re:A virus I'd actually fall for by Hyppy · 2009-02-04 07:20 · Score: 5, Insightful
  
  it still fails to computer literate common sense, "why would i need to install something to..."
  Flash. Silverlight. Java. Adobe Reader. Windows Update controls.
  
  People are getting used to installing applications to interact with "trusted" parties.
10. Re:A virus I'd actually fall for by MobyDisk · 2009-02-04 07:22 · Score: 1
  
  Is there a reason someone would download ActiveX controls from the government? I think I'd rather download one from goatse than from anything ending in .gov of .us.
11. Re:A virus I'd actually fall for by 99BottlesOfBeerInMyF · 2009-02-04 07:25 · Score: 1
  
  Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
  True, but the better your protections on the tech side, the harder they have to work at social engineering and the less widespread and effective it will be. There is plenty of room on the tech side for technologies to mitigate trojans.
12. Re:A virus I'd actually fall for by JaredOfEuropa · 2009-02-04 07:36 · Score: 1
  
  Exactly. Recently scammers and spammers have achieved a step change in their approach, which greatly increases the danger they pose even to alert citizens:
  
  They have learnt how to spell.
  
  Be afraid...
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
13. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 08:05 · Score: 0
  
  They have learnt how to spell.
  
  The nefarious bastards!
14. Re:A virus I'd actually fall for by Hal_Porter · 2009-02-04 08:07 · Score: 1
  
  What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop ups and stuff are easy enough to ignore, but what about local flies for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
  You should install the lordpwnalot toolbar, it will protect you from this sort of thing.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
15. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 08:29 · Score: 0
  
  I see that is why everybody enters web addresses into google rather than the address bar...
16. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 08:40 · Score: 0
  
  go to the most logical traffic court - take a day off from work
  Hilarious. "Hey, boss, I have to take the day off to pay a parking ticket." What an asinine suggestion. It's pretty easy to just send a check to the parking office; you can validate that address with a paper phonebook if you're so paranoid about online sources.
  By the way, you misspelled twenty-three and forty-two in your signature.
17. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-04 08:57 · Score: 0
  
  erm if a band/buisness/etc need me to install an EXE im not using it.
  That's great and all, but there's still the fake parking ticket. You can't exactly opt out of government, and it's not without precedent for government organizations to use crappy proprietary software. So if it's a believable fake, the EXE installation in and off itself won't necessarily stop the user.
18. Re:A virus I'd actually fall for by piltdownman84 · 2009-02-04 09:27 · Score: 1
  
  It does seem like a very good scam. Exactly the type of thing that even smart people would fall for. I guess the next step would be to add a fake toll free number to call, and just have it stay on hold forever. If I remember correctly there is a bunch of 1-8!! numbers that are actaully toll lines, but alot of people have been conditioned to think everything in that block are toll free lines. Actually forget the virus, just fake tickets with a toll line sounds like a good scam.
19. Re:A virus I'd actually fall for by FangVT · 2009-02-04 09:30 · Score: 2, Interesting
  
  Agreed, I could've fallen for this myself. I got a ticket about a year ago in a city I didn't live in, and lo and behold, it had a website on it for paying online. Ticket looked official, but on second thought, I couldn't be sure, having never seen one from that city before. I blindly typed in the URL... I'd like to believe I would have picked off a phishing scam, but still, I took the first step.
  Which suggests the best way to distribute these might be to go near some touristy place and put these on cars with out of state plates.
  
  --
  A Call for Open Standards
20. Re:A virus I'd actually fall for by VisceralLogic · 2009-02-04 10:47 · Score: 1
  
  Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
  Or you could get a Mac, and you're safe to visit any website, regardless of malicious intent. Just don't type in any personal information!
  
  --
  Stop! Dremel time!
21. Re:A virus I'd actually fall for by u8i9o0 · 2009-02-04 10:56 · Score: 1
  
  Never mind looking for the hidden doors or avoiding poisonous frogs. In this game, every key you touch could be the one that causes you to lose.
  hmm... this game you describe sounds familiar...
  
  Sincerely,
  I.M. Rogue
  Of course! A Roguelike game. Yeah, those are impossible.
  My wizard puts on his robe and cornuthaum...
  :)
  
  --
  This is not my sig
22. Re:A virus I'd actually fall for by bhtooefr · 2009-02-04 11:33 · Score: 1
  
  I'm almost wondering if another approach to browsing is ideal - the extreme extension of the Google Chrome idea.
  Most browsers run different tabs in different threads.
  Chrome runs them in different processes.
  I'm thinking... run them in different [b]virtual machines[/b], of a different architecture than the host system, making the host system physically incapable of running the malware. (Seeing as the client will basically need to be x86 to support a wide array of plugins (and each tab has its own plugin set, and you'd have to manually propagate the plugin to the other tabs,) that means that the host system will probably be PPC, SPARC, Itanium, or ARM or something.)
23. Re:A virus I'd actually fall for by bhtooefr · 2009-02-04 11:36 · Score: 1
  
  No, Noscript would be completely ineffective for this one. Noscript doesn't do a damn thing when it's turned off, which is exactly what the user would do, because they're required to turn it off to "dispute the ticket."
24. Re:A virus I'd actually fall for by collinstocks · 2009-02-04 13:56 · Score: 2, Interesting
  
  I suppose that in a certain way, many linux distributions help with this. They condition users only to install applications from the software repositories.
  Package managers do not need to be exclusive to linux. It might be a positive thing for microsoft to create a package management system of "trusted" programs and force all other executables to be run in a sandbox.
25. Re:A virus I'd actually fall for by Anonymous Coward · 2009-02-05 00:18 · Score: 0
  
  flash.com. microsoft.com. java.com. adobe.com. windowsupdate.com.
  You NEVER let a random page install things. Always click no, and go to the official site to download the newer version.
That is pretty clever... by damn_registrars · 2009-02-04 06:21 · Score: 4, Interesting

After all, do you know what a parking ticket looks like in your city, to be able to distinguish between a real one and a fake? I would suspect that most people who recognize the real thing either wouldn't bother to try to contest one, or don't do anything about them anyways. But for the larger portion of a city's population who has not been ticketed, they could well have a hard time telling a fake from the real thing.

And then you add in people who are from out of town, who would much rather not have to go back to your city to deal with a ticket...

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:That is pretty clever... by pwnies · 2009-02-04 06:26 · Score: 4, Funny
  
  do you know what a parking ticket looks like in your city
  Only one way to find out. Lemme borrow your keys.
2. Re:That is pretty clever... by morgan_greywolf · 2009-02-04 06:31 · Score: 1
  
  Easy. Real parking tickets will have a phone number on them that will lead to a clerk's desk in the local courthouse. This usually can be verified by checking against the phone book. Calling the clerk to verify the details of your ticket is always a good idea anyway, regardless of the potential for fakes.
  
  --
  My blog
3. Re:That is pretty clever... by pluther · 2009-02-04 06:50 · Score: 3, Interesting
  
  Not always.
  In Eugene, Oregon, for instance, much of the parking is contracted out to a company called Diamond, which has the authority to issue tickets.
  These tickets have no phone numbers on them, though they do include an address to mail your payment to.
  There seems to be no way of contesting the tickets, either, which was annoying a while back when I got a ticket about a minute before the time had expired.
  
  --
  If the masses can keep you down, you're not the Ubermensch.
4. Re:That is pretty clever... by z80kid · 2009-02-04 06:53 · Score: 1
  
  Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.
5. Re:That is pretty clever... by damn_registrars · 2009-02-04 07:11 · Score: 4, Insightful
  
  Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.
  Isn't this awesome new moderation system such a great part of this fantastic new layout? Nobody liked the "confirm" button from the previous system, right?
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
6. Re:That is pretty clever... by Hyppy · 2009-02-04 07:25 · Score: 1
  
  "Good ideas" like that are rarely if ever put into practice. If I were doing something like this, I'd just put the county clerk's phone number on there anyway. I'd put money down that ess than 5% of the recipients would actually call.
7. Re:That is pretty clever... by Esc7 · 2009-02-04 07:41 · Score: 1
  
  Ah crap I modded you redundant instead of insightful too!
8. Re:That is pretty clever... by Valdrax · 2009-02-04 08:02 · Score: 1
  
  After all, do you know what a parking ticket looks like in your city, to be able to distinguish between a real one and a fake?
  And if you do, then do you have any reason to believe they haven't changed ticket formats since the last time you got one?
  
  --
  If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
9. Re:That is pretty clever... by Mashiki · 2009-02-04 08:39 · Score: 1
  
  About 7 years ago I got a 'overnight' parking ticket in another city for parking on a side street in the winter. Now mind you, this was my fault and only $18. The ticket only had the seal of the local police force, and a signature of the police officer. Nothing else, besides what the violations were and what could/couldn't be checked.
  They've since changed it, they're double sided with the police seal at the top, county clerks office under that. And city hall on the back as well as a list of all the phone numbers. And the court house. Apparently there was a few issues with fraudulent tickets going around, with 'submit via mailing'.
  
  --
  Om, nomnomnom...
10. Re:That is pretty clever... by Anonymous Coward · 2009-02-04 10:27 · Score: 0
  
  I got a ticket once 20 minutes before the time on the ticket! Fortunately, I showed up to the parking contractor's office 10 minutes before the time on the ticket and they cancelled it.
11. Re:That is pretty clever... by geek2k5 · 2009-02-04 11:18 · Score: 1
  
  Diamond Parking controls a lot of the parking in Spokane, Washington and I have had to deal with ticket problems. In one case I deposited the proper amount while in a parking lot that was almost empty and got ticketed anyway. Thankfully there was a way to contact them at the time and they believed my story since it was my first supposed violation. (I think I found the number in the phone book.)
  The biggest problem with the lot was that it didn't have a way to provide evidence that you paid for parking.
  Now in a newer, larger lot, there is a machine that allows you to pay for parking with a credit card AND generates a receipt you can post in your car and use for tax purposes.
12. Re:That is pretty clever... by Anonymous Coward · 2009-02-05 01:47 · Score: 0
  
  Hey at least they got to moderate.
  I had 15 mod points the other day and couldn't use them as my combination of NoScript and CookieSafe meant no matter what I tried no page ever showed up a mod button.
  Unless I opened it up in IE but there's nooo waaay I'm moderating Slashdot using IE !
  Bah.
Who reads those things anyway? by jandrese · 2009-02-04 06:23 · Score: 5, Informative

I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
1. You are parked legally
2. Everybody else has these "tickets"

And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

--

I read the internet for the articles.
1. Re:Who reads those things anyway? by RiotingPacifist · 2009-02-04 06:33 · Score: 3, Insightful
  
  I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a good infection rate.
  *fixed*
  
  --
  IranAir Flight 655 never forget!
2. Re:Who reads those things anyway? by Billhead · 2009-02-04 06:34 · Score: 3, Insightful
  
  And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html
  
  How is the average person supposed to know that a suspicious address? For all they know it could be some sort of acronym, and would the average Joe actually notice that the alleged government site doesn't have a .gov TLD?
3. Re:Who reads those things anyway? by CannonballHead · 2009-02-04 06:35 · Score: 1
  
  if you look around and notice two things:
  Depending on who you are, that's a big if.
4. Re:Who reads those things anyway? by pavon · 2009-02-04 06:37 · Score: 4, Interesting
  
  1. You are parked legally
  2. Everybody else has these "tickets"
  I've gotten tickets when I was parked legally and successfully contested them. All the other cars on the block were also incorrectly ticketed at the same time - apparently a cop misunderstood the parking rules, or didn't know how to operate a watch.
  Furthermore, given the city's trend of contracting out ticking, the fact that the URL pointed to some third party website and not a subdomain of the city or county sites wouldn't have set off any red flags either (although one hosted in the Czech Republic would :). The red-light tickets we get in the mail today directs you to the website of the contracted company and not to the city website.
5. Re:Who reads those things anyway? by ericspinder · 2009-02-04 06:37 · Score: 1
  
  I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.
  Or just too wrapped up in their own lives to notice other cars. Sure most would know that they aren't parked illegally, but then they'd be even more interested in getting to the website. Hell in some cities, one wouldn't even have to look hard for people parked illegally, as often double parking is the norm. Other towns have confusing rules about where and when one can park. Personally, I could see this as being a very effective attack, in particular if one wants to target a specific individual or small group.
  
  --
  The grass is only greener, if you don't take care of your own lawn.
6. Re:Who reads those things anyway? by kannibal_klown · 2009-02-04 06:37 · Score: 1
  
  I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
  1. You are parked legally
  2. Everybody else has these "tickets"
  And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html
  I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.
  I'll admit, the parking ticket might catch me enough to get to the site if the URL was realistic enough. Something ending in a foreign domain or some completely "out there" URL would set off my flags right away, but a good enough parking ticket scam might nail me at first.
  But the instant I'd have to install something I'd stop what I was doing. I wouldn't care if the domain ended in .gov, I am very particular about what goes onto my PCs. I'd immediately look for alternative routes like the city's or county's official website and/or phone number.
  As for parking, if you parked at a meter then maybe you could think that the cop misread the thing and issued it by mistake. My friend was given a parking ticket at his company's campus in error, and he had to argue with them over it. I'd imagine people think mistakes happen.
7. Re:Who reads those things anyway? by Culture20 · 2009-02-04 06:39 · Score: 2, Insightful
  
  The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
  1. You are parked legally
  2. Everybody else has these "tickets"
  1. All the more reason you'd want to contest it
  2. Maybe the people leaving the tickets are instructed to ticket only 1/10 cars down a street? Even if not, I see people getting tickets all in a row quite often. Metermaids cut wide swaths with their pens.
8. Re:Who reads those things anyway? by SatanicPuppy · 2009-02-04 06:46 · Score: 1
  
  If you target a big company or something, all you need is one person to be stupid, and that's not just probable, it's certain. That's why this stuff works.
  The person may very well know they're legally parked, and so they'll take the logical next step: they'll contact the issuing body to complain, and look, they left the address of their handy website! And, look, they have a photo app, so I can see what bastard got a ticket, then stuck it on my car!
  It's clever.
  
  --
  ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
9. Re:Who reads those things anyway? by sjames · 2009-02-04 06:57 · Score: 1
  
  Cops handing out bogus tickets is all too believable in some cities and towns, particularly the cash strapped ones.
10. Re:Who reads those things anyway? by natebarney · 2009-02-04 07:08 · Score: 1
  
  although one hosted in the Czech Republic would :)
  .ch is Switzerland's TLD.
  </nitpick>
11. Re:Who reads those things anyway? by Hyppy · 2009-02-04 07:28 · Score: 1
  
  Agreed. Also, many government entities don't reside in the .gov tld anyway.
  
  www.ocpafl.org is a good example. That's not exactly an easy one to decipher unless you work with that office regularly.
12. Re:Who reads those things anyway? by Qzukk · 2009-02-04 07:58 · Score: 1
  
  1. You are parked legally
  If you read the SANS article, the fake site apparently has a photo of the ticket recipient's car.
  The example car is taking up two parking spaces.
  Maybe everyone gets the same photo, but I suspect that the person who did this found a new way to take their frustration out on idiots who can't figure out how to operate their vehicle, rather than the tried and true method of parking against their doors so they can't get back in.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
13. Re:Who reads those things anyway? by Valdrax · 2009-02-04 08:10 · Score: 1
  
  Maybe everyone gets the same photo...
  Obviously. If you read the text above the photo in the image, you can see that there's a lot of different car images to choose from to "find" your car in. Naturally, there's absolutely no need to create real individualized photos for a malware site, even for a "revenge" site rather than a traditional one. You would only go to that kind of trouble if the site were legit.
  
  --
  If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
14. Re:Who reads those things anyway? by DinDaddy · 2009-02-04 08:52 · Score: 1
  
  Meter maids have . . .oh. Pens.
15. Re:Who reads those things anyway? by Sir_Lewk · 2009-02-04 09:08 · Score: 1
  
  1. You are parked legally
  2. Everybody else has these "tickets"
  You've never been to Philly have you? Hell, I hear they even have a TV show about those ticketing madmen now...
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
16. Re:Who reads those things anyway? by _Sprocket_ · 2009-02-04 09:16 · Score: 1
  
  I knew something was fishy. I just didn't know it was Swedish fish-y.
17. Re:Who reads those things anyway? by _Sprocket_ · 2009-02-04 09:22 · Score: 1
  
  The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
  1. You are parked legally
  2. Everybody else has these "tickets"
  I disagree. It is simply a part of the gambit. Involving government induces either anger ("damn those bureaucratic idiots") or fear ("oh crap - not another bureaucratic nightmare"). Money reinforces it. Then immediate visual queues that you're in the right (other people also ticketed) seals the deal. You're darned well going to get the bottom of this / show those idiots. Damned them and their indecipherable techno gibberish. Hook... line... sinker.
  Emotional slight of hand is the hallmark of a good con.
18. Re:Who reads those things anyway? by Orbijx · 2009-02-04 09:54 · Score: 1
  
  Interestingly enough, my city uses a .net TLD, not .gov for things regarding the public, and yes, it's quite legit.
  
  --
  One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
19. Re:Who reads those things anyway? by noidentity · 2009-02-04 11:58 · Score: 1
  
  You know the flier contains a suspicious web address by the fact that there's no phone number of mailing address listed along with it.
20. Re:Who reads those things anyway? by uecal27 · 2009-02-04 12:14 · Score: 0
  
  I knew something was fishy. I just didn't know it was Swedish fish-y.
  And here I was thinking that Swedish fish were from Sweden...
21. Re:Who reads those things anyway? by mysidia · 2009-02-04 14:40 · Score: 1
  
  I'm sure they can find something such as...
  parkingticket.bz
  payfine.ca
  traficviolation.net
  Well, those particular names may be taken, but there are lots of options that are good enough. Governments sometimes outsource services like this, and you really can't know by looking at the domain if it's legitimate or not, unless the frausters' online marketing is just downright inept.
22. Re:Who reads those things anyway? by Anonymous Coward · 2009-02-04 22:08 · Score: 0
  
  Just for your information: .ch is Switzerland, not Czech Republic
23. Re:Who reads those things anyway? by Anonymous Coward · 2009-02-04 22:42 · Score: 0
  
  Then immediate visual queues that you're in the right
  It's "cues" not "queues" damn it!
24. Re:Who reads those things anyway? by Anonymous Coward · 2009-02-05 07:16 · Score: 0
  
  The Czech Republic is .cz; .ch is Switzerland.
25. Re:Who reads those things anyway? by Anonymous Coward · 2009-02-05 10:53 · Score: 0
  
  I guess it was Swiss cheesy.
Some should rip in to the fake person giving out t by Joe+The+Dragon · 2009-02-04 06:25 · Score: 2, Informative

Some should rip in to the fake person giving out the tickets like people do to the real meter maids as you see do on A&E parking wars. And if they are not real say I'm calling the cops as I don't think they will like to have people giving out fake tickets.
More important than a face on the criminal by erroneus · 2009-02-04 06:26 · Score: 2, Funny

There is also a neck we can hang them from... someone police can pursue and arrest, more direct money to follow... leads.
I really want to see some terrible, nearly unimaginable things happen to these people. Some people feel this way about drug pushers. Others feel this way about child molesters. For me, it is malware. Oh I think of the children too, but frankly, a lot can be done in the way of prevention if only most parents paid attention to their own children that would address a good portion of the child molestation thing and as drugs go... well, once again, people don't get hooked on drugs unless they had some other problems that precipitated it first. If they were raised well, odds are better that they'd not be a drug addict.
1. Re:More important than a face on the criminal by Crashspeeder · 2009-02-04 06:51 · Score: 1
  
  I can understand your hatred for this dishonest way of life but I completely disagree with your child molestation and drug views.
  Children are most likely to be molested by somebody close to the family. Possibly a family member or boyfriend/girlfriend of the parent, not some random person off the street. As for drugs, having shit happen to you is no excuse. People use because they want to use and like the feeling. That's what it boils down to. Some people have addictive personalities plain and simple and are more likely to give into the peer pressure to try said drugs.
  I have a friend that's done cocaine before and it left him afraid of ever doing it again because of how addicting it was. There's nothing wrong with experimentation if you're physically and mentally strong enough to ONLY experiment and not fall victim.
  Back to the malware though, social engineering has been around since humans started keeping secrets. It'll never go away and there's nothing we can do to beat it except wise up. People are dumb and there will always be those that fall for this kind of thing (though a fake ticket even I would likely fall for until I had to install software). Short of windows periodically wiping itself and starting fresh I don't think we can stop zombie computers and malware/viruses.
2. Re:More important than a face on the criminal by Anonymous Coward · 2009-02-04 07:49 · Score: 0
  
  In that list of who is likely to molest children, I would redo the ordering. Put parents first as most likely to molest children.
  
  Sad, I know.
3. Re:More important than a face on the criminal by Anonymous Coward · 2009-02-04 09:01 · Score: 0
  
  So what were those odd? You have some first hand knowledge about drug addiction that let's you speak as an expert?
  People don't need a problem to get hooked on drugs. Some of us with happy home lives just liked getting high.
  You're on the right track with spending time with your kids, but if you talk to them with the same kind of sweeping generalizations, I wouldn't expect them to pay much attention.
4. Re:More important than a face on the criminal by Anonymous Coward · 2009-02-04 11:23 · Score: 0
  
  Judging by that incoherent paragraph, you're probably the malware author, a kid, and a drug addict.
  
  Others feel this way about child molesters. For me, it is malware.
  Where'd the malware touch you?
  
  If they were raised well, odds are better that they'd not be a drug addict.
  They'd be gambling addicts.
Should be pretty easy to stop by damn_registrars · 2009-02-04 06:27 · Score: 2, Interesting

If the flier says "go to evilticketcontesting.com", you just need to find who that domain is registered to, and contact the registrar and ISP to have it shut down. This is quick and straightforward, since internet registrars all keep good records of who they sell domains to, and all ISPs respond quickly to requests that are written in plain English. We should have this problem licked in time for dinner.

Oh, wait. Registrar accreditation is handled by these bumbling idiots. And how many ISPs that offer hosting services respond to much of anything?

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:Should be pretty easy to stop by damn_registrars · 2009-02-05 15:34 · Score: 1
  
  I'm a little disappointed that nobody realized I was being sarcastic in that one. Not sure how the bumbling idiots link got garbled into a non-link, but the text before it should have been a dead giveaway.
  
  There are many, many registrars that keep records that wouldn't even pass as "horrible" in terms of identifying the true owner of a domain. And most of the spammers and scammers know which registrars they are, and use them for their business.
  
  Also, there are many, many ISPs and hosting services that either don't speak English because they are in non-English speaking countries, or they pretend to not speak English when contacted with a problem (as in their front page is in English but their customer service is not). Again, the spammers and scammers know who those are and go to them for most of their business.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Omg... by Noxn · 2009-02-04 06:28 · Score: 2

Genius!
Now you can get viruses by looking at anything with text on it!

WARNING This virus requires:
-A Computer running Windows
-Human stupidity, but not that much (i would fall for that maybe)

--
By reading this you agree to give me (Noxn) 1 dollar.
1. Re:Omg... by Creepy · 2009-02-04 07:35 · Score: 1
  
  The computer not only needs to be running Windows, but also IE according to the exploit report.
  This is hardly the first virus to use that method - I've heard of similar 1-click or no-click infections using flaws in IE (specifically because it is the dominant browser - other browsers have flaws, too).
  And from the initial poster, new viruses rarely have signatures right away - it usually takes several days from the initial report before they appear in a definitions file. When my wife popped a malicious e-card last year it installed 29 viruses through a downloader web site. The number of these detected by Trend Micro AV on the day of infection? 5. Fortunately no root kits with that one, and a date scan rooted out the infected files, but I still spent a couple of hours a weekend for a month cleaning the registry and fixing all the files it modified (starting with the more dangerous ones like the http address redirect and safe machines list and other backdoors and then moving to the registry keys, and since I had moved all the files into an infected.zip archive those registry keys were pretty much useless anyway). I submitted several of those viruses to Trend Micro (a few were caught before I had time to fix them but after the first day, and a few I deleted before deciding I really should submit any undiscovered ones).
The weirdest thing just happened to me by mandark1967 · 2009-02-04 06:30 · Score: 5, Funny

I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my helpto move some cash out of his country for his dead uncle or someone.

--
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
1. Re:The weirdest thing just happened to me by _Sprocket_ · 2009-02-04 09:17 · Score: 1
  
  Did he have a fish on his head and a loaf of bread under one arm? That's how you know they're legit.
2. Re:The weirdest thing just happened to me by Anonymous Coward · 2009-02-04 11:09 · Score: 0
  
  I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my helpto move some cash out of his country for his dead uncle or someone.
  Oblig. webcomic link.
You don't even need a Virus or Malware to pull thi by Joe+The+Dragon · 2009-02-04 06:34 · Score: 2, Insightful

You don't even need a Virus or Malware to pull this off all you is a pay on link that takes your CC # and that likely will work even on super locked systems.
I wouldn't. by SanityInAnarchy · 2009-02-04 06:35 · Score: 1

What makes it slightly scary is that it claims to be a parking violation.
However, I would likely make a very loud noise about being required to not only have Internet, but also a specific browser and a specific operating system, and having to download their software.
For unemployment, at least here, the entire thing is done over the Internet. However, the website pretty much works in any browser (though the layout was slightly off in Konqueror), and if you don't have Internet (or a computer), you walk to the unemployment office, they sit you down at one of their computers, and you do it there.
For a parking violation to be so unaccessible has got to be violating some regulation somewhere.

Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
Also goes to show how a little paranoia goes a long way.

--
Don't thank God, thank a doctor!
That's how you make money on these things by hellfire · 2009-02-04 06:42 · Score: 2, Insightful

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.
We have an abundance of uneducated people in the US, specifically those who don't know or understand the dangers of the internet. Also, a low infection rate is all it takes to get some return on investment.
To top it all off, Americans are first and foremost a scared people, especially of our own government and of forces outside our borders. Heaven forbid you piss off the government by not paying a parking ticket! You might lose your constitutional rights! Maybe they'll stop protecting you?!?!?! Maybe your a teenager who doesn't want your parents to find out?
Somehow these scams pay off and they only need a few suckers. And a new sucker is born every minute. Why do you think the "three cards, find the ace" scam still works in the alleyways and slums? It's one of the oldest scams in the book and those who are not educated don't know how it works and are easily manipulated.

--
"All great wisdom is contained in .signature files"
1. Re:That's how you make money on these things by Anonymous Coward · 2009-02-04 22:30 · Score: 0
  
  Maybe they'll stop protecting you?!?!?! Maybe your a teenager who doesn't want your parents to find out?
  Come on now, if you can manage
  "they'll" = "they will"
  then surely you can also manage
  "you're" (NOT "your") = "you are"?
Re:You don't even need a Virus or Malware to pull by denstark · 2009-02-04 06:45 · Score: 2, Funny

Holy lack of punctuation, batman!
Ninnle safe from this... by Anonymous Coward · 2009-02-04 06:46 · Score: 0

Ninnle Linux has enhanced security for this sort of thing.
If Microsoft made cars... by ddusza · 2009-02-04 06:47 · Score: 1, Funny

Ok, this article dredges up the old thread of "If Microsoft made cars" and the barbs cast back and forth about it. Makes me wonder, if the car was made by Microsoft, would the car get the virus directly from the malware flyer?

--
Don't fear the penguins
1. Re:If Microsoft made cars... by mysidia · 2009-02-04 14:57 · Score: 1
  
  Only if the brand of windshield you are using is MS Road Explorer (MSRE), and automatic execution of active scripting in viewed objects through the SOM (Scenery Object Model), or ActiveY is enabled.
  Also, the vehicle is safe from infection while turned off, so you'd be okay as long as you removed all the fliers before booting up your car.
A clever way to pen-test a client by Anonymous Coward · 2009-02-04 06:53 · Score: 0

It would be a clever method of pen-testing a local client.
Bad idea by gmuslera · 2009-02-04 06:55 · Score: 2, Funny

Only works locally, a parking cam can catch the real culprit (think in catching the originator of most of the spam/malware that goes thru email), and is somewhat shortlived (by the time most of the ones that got the ticket went to internet the site could have been taking down).

To make it much worse, YOU can catch him and take revenge of every spam/malware/spyware/virus you received ever. We can get an updated version of witch burning for the XXI century.
Re:Some should rip in to the fake person giving ou by Crashspeeder · 2009-02-04 06:59 · Score: 5, Funny

Some should rip in to the fake person giving out the tickets
How do you catch a fake person? Fake traps?
Windshield fliers by Hordeking · 2009-02-04 07:08 · Score: 2, Funny

Aren't those the little pieces of paper that go under my wipers and always make it rain/snow?

--
Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
You're missing the point. by IANAAC · 2009-02-04 07:09 · Score: 1

Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.

Most people have by now been taught to no click willy-nilly on the screen, but people get fliers and other handouts with URLS on them all the time. We've been conditioned that to be sure you are going to the sight you really intend to go to, you have to manually enter the full URL.
1. Re:You're missing the point. by morgan_greywolf · 2009-02-04 07:21 · Score: 1
  
  And? Again, just because there is a URL on the flier doesn't mean I'm going to install software from the website the URL points to.
  
  --
  My blog
2. Re:You're missing the point. by Firehed · 2009-02-04 07:36 · Score: 1
  
  True, but you're also a Slashdot user. Many people will be much more inclined to trust a site relayed to them offline, especially when it comes from a source that appears authoritative (such as mimicking a parking ticket, as TFS describes). You and I might call up City Hall and ask WTF is going on, but I'd bet that 95% or more of people that receive these fliers and hit the URL would get rooted.
  
  --
  How are sites slashdotted when nobody reads TFAs?
Obligatory Car Analogy by mrclisdue · 2009-02-04 07:14 · Score: 1

Ok, for a car analogy:
Let's say my car was a Linux,
then I'd have nothing to worry about.
cheers,
1. Re:Obligatory Car Analogy by Anonymous Coward · 2009-02-04 07:35 · Score: 0
  
  Unless your wife was missing along with one of your car seats.
2. Re:Obligatory Car Analogy by Crashspeeder · 2009-02-04 07:57 · Score: 1
  
  ...I don't see the problem. That sounds like a service you'd otherwise have to pay for.
Here, I fixed it for you by Giant+Electronic+Bra · 2009-02-04 07:21 · Score: 1

Phase 4: Get assaulted in prison
Phase 5: Sue
Phase 6: Profit!

--
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
1. Re:Here, I fixed it for you by Anonymous Coward · 2009-02-04 22:52 · Score: 0
  
  Where does Sue come into this. Is 'she' your butch transexual cellmate?
wow... so cool... by Abuzar · 2009-02-04 07:26 · Score: 0

Ingenious! Simple and novel, there's a beauty to this scam just in its form. I wonder how effective it is. The workings of outlaw minds can sometimes be very interesting indeed.
You might not fall for it... by rewt66 · 2009-02-04 07:27 · Score: 1

... because the domain probably didn't end in .gov It's supposed to be a parking ticket, right? But http://www.some.plausible.domain.name.com/ should be a red flag, just because of the .com
1. Re:You might not fall for it... by bhtooefr · 2009-02-04 11:38 · Score: 1
  
  Except Licking County, OH (my county) uses a .com for all their government business. - http://www.lcounty.com/
  Google it if you don't believe it (which, in this article, I don't blame you.)
Easy way to not have it be a problem by Anonymous Coward · 2009-02-04 07:28 · Score: 1, Insightful

Use a Mac. I never have to worry about new and directed attacks like this with OS X. The only way this could affect a Mac user is if they go to a website, and run a downloaded executable as root... something no legit parking ticket site would do.
1. Re:Easy way to not have it be a problem by zonky · 2009-02-04 07:51 · Score: 3, Insightful
  
  Something a user would certainly do, if they were told they needed to install a plugin to find their ticket, regardless of platform. This is a human problem, not a O/S security model problem.
2. Re:Easy way to not have it be a problem by el_gordo101 · 2009-02-04 08:10 · Score: 3, Insightful
  
  All they have to do is provide a convenient way for you to pay the "fine", something like this would work:
  To Pay you parking ticket online now, please fill out the following:
  Name:______________
  SSN:______________
  Credit Card Number:_______________
  Wouldn't matter what OS you were using if you hand over your info.
  
  --
  TODO: Insert witty sig
3. Re:Easy way to not have it be a problem by YouWantFriesWithThat · 2009-02-04 08:23 · Score: 1
  
  exactly!
  
  this is why i do all of my business using someone else's social security number. identity theft is a real problem!
Dear fliers-posting malware authors by Yvan256 · 2009-02-04 07:32 · Score: 4, Funny

I don't have a car, you insensitive clod!
New Slashdot layout by Valdrax · 2009-02-04 07:45 · Score: 1

Isn't this awesome new moderation system such a great part of this fantastic new layout?
That is exactly the reason I turned it off. Slashdot's interface is becoming all flash and no function.

--
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
1. Re:New Slashdot layout by blueZ3 · 2009-02-04 09:21 · Score: 1
  
  Flashdot?
  Wait, there was supposed to be function here? I just come for the flames.
  
  --
  Interested in a Flash-based MAME front end? Visit mame.danzbb.com
2. Re:New Slashdot layout by Tanktalus · 2009-02-04 10:41 · Score: 1
  
  As opposed to before this where it was no flash and no function? Honestly, I don't see any point in complaining. If you're reading/posting here, you're part of the problem, not the precipitate. Or solution. Or something.
3. Re:New Slashdot layout by Valdrax · 2009-02-05 10:29 · Score: 1
  
  Honestly, I don't see any point in complaining. If you're reading/posting here, you're part of the problem, not the precipitate. Or solution. Or something.
  And if you vote, you have no right to protest, eh?
  Man, who would give a damn about Slashdot sucking except the actual users? :grin:
  
  --
  If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
It works better when they are parked legally by EmbeddedJanitor · 2009-02-04 07:59 · Score: 2, Insightful

The victim gets all pissed and wants to see the evidence and yell at someone. Their rational thinking (what little they have) goes out the window.

--
Engineering is the art of compromise.
I bet the antivirus companies didn't have it ... by Ungrounded+Lightning · 2009-02-04 07:59 · Score: 4, Informative

... right away because they get their earliest warnings from honeypot machines and this one uses an offline vector.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Can I have a copy of the fake ticket please? by Anonymous Coward · 2009-02-04 08:17 · Score: 0

I would like to make 100 copies for myself and stick them on any car I see parked like that SUV in the picture.
Jeeze, all you /.'ers and no one figured out that the ticket might be from someone like me that wants to get even with dweebs too rude to park in their own spot?
I bet the actual malware and whatnot was already out there. Some OTHER smart guy made the fake ticket with a link just to get even.
I need a pair of latex gloves then I can print my own at my colleague's computer. I have 20 cars in my office parking lot parked like that right now. I want to hit them before COB today.
Re:I bet the antivirus companies didn't have it .. by Kernel+Rootkits · 2009-02-04 08:34 · Score: 0

Well first off, that is not the only method of acquiring samples. Second, the VirusTotal report uses default settings right? So it uses limited heuristics, therefore providing an inaccurate representation of real world AV results for those of us who properly configured our scanners. Am I right?
Re:I bet the antivirus companies didn't have it .. by 99BottlesOfBeerInMyF · 2009-02-04 08:47 · Score: 1

I bet the antivirus companies didn't have it right away because they get their earliest warnings from honeypot machines and this one uses an offline vector.
Well, they also monitor network traffic looking for network usage signatures that are likely to be worms or viruses and do not match known malware. I suspect the limited range of this malware causes little traffic, since it is only machines from a tiny number of people who obtained a flyer. It is likely just not big enough to have shown up yet.
Notice Sent to UND Students. by Myuu · 2009-02-04 08:49 · Score: 4, Informative

Urgent! Bogus Parking Tickets Found on Campus Refer Recipients to Virus-laden Web site
Do Not Go To This Web Site!!!
A message concerning bogus parking tickets being distributed on campus that was sent out late Monday contained the URL of a Web site that carries a computer virus. We are resending that message below with the problem URL removed:
Here is the message:
UPD received a call on Jan. 31, 2009 pertaining to someone issuing bogus parking tickets in the parking lot directly east of the ramp. The ticket is yellow in color and states the following: "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to XXXXXXX.COM" (URL not used for computer safety reasons)
DO NOT GO TO THIS WEBSITE!! IT CONTAINS A VIRUS!
If you visit the Web site and click on the link to view pictures of horrible parking, you will download a virus onto your computer.
Should anyone have any information pertaining to this, please contact UND Police at 777-3491.
Lt. Dan Lund
Night Shift Supervisor
UND Police Dept.

--

forget it.
1. Re:Notice Sent to UND Students. by Endo13 · 2009-02-04 09:23 · Score: 2, Insightful
  
  Ok, but when I try to go to XXXXXXX.COM it doesn't say anything about parking tickets. It says they want to help me find Car Insurance, Chat, Work From Home, Cheap Flights and other stuff. What now?
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
2. Re:Notice Sent to UND Students. by noidentity · 2009-02-04 11:56 · Score: 2, Funny
  
  That's funny; the notice I received just said
  "Urgent! Bogus Parking Tickets Found on Campus Refer Recipients to Virus-laden Web site
  Do Not Go To This Web Site!!!
  For more information, please visit the following website: [website address was here]"
3. Re:Notice Sent to UND Students. by Anonymous Coward · 2009-02-04 13:37 · Score: 0
  
  Mod parent funny :)
4. Re:Notice Sent to UND Students. by bruno.fatia · 2009-02-04 16:09 · Score: 1
  
  Are you seeing the same XXXxxxXXX.COM website as me? For me it says something about making my penis bigger and a few input boxes for my credit card number.
  Maybe some DNS stuff but anyways...
5. Re:Notice Sent to UND Students. by shungi · 2009-02-04 19:00 · Score: 1
  
  What about http://www.xxxxxxxxxxxxxxxxxxxxxxxxxxx.com/ One wonders which site has the most number of x's?
NEWSFLASH!!! by SCHecklerX · 2009-02-04 08:49 · Score: 1, Insightful

malware is, and always will be, a stupid user issue. You can't solve stupid user issues with technology. Antivirus software is a sham, and a virus itself.
1. Re:NEWSFLASH!!! by The_mad_linguist · 2009-02-04 14:09 · Score: 1
  
  Always? Excellent. So if there's some unpatched vulnerability in your network drivers, which has not yet been publicized, clearly it's your fault if some black hat exploits it and gains root access to your computer.
2. Re:NEWSFLASH!!! by SCHecklerX · 2009-02-06 07:58 · Score: 1
  
  That's a worm, not a virus. I said nothing about patching. I was referring to viruses.
Give Darwin a chance, folks. by 140Mandak262Jamuna · 2009-02-04 08:52 · Score: 1

All those schmucks who are running Internet Explorer will get the virus. They deserve all they can get for installing random executables from random websites. Doesn't matter if they don't understand what they are doing. Unless they face the consequences of their actions, they will never change. Simple Darwinian principle.
And we informed slashdotters will use FireFox with NoSript extension and laugh at them.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Give Darwin a chance, folks. by dedazo · 2009-02-04 09:04 · Score: 1
  
  Malware = stupidity (or more gently, lack of common sense).
  Reminds me of a recent xkcd.
  
  --
  Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
The root of the problem by neapolitan · 2009-02-04 09:12 · Score: 2, Funny

You guys are missing the root of the problem. If the cars didn't have windows, then the users wouldn't have gotten infected.
I suggest a car like this.
http://www.m38a1.com/images/Archives/jeep%20_105%20gun%20jpg.jpg :p

--
Slashdotter, ID #101. UIDs are in binary, right?
1. Re:The root of the problem by Anonymous Coward · 2009-02-04 13:45 · Score: 1, Funny
  
  Come on, enough with the flaming of windows already!!!
Re:I bet the antivirus companies didn't have it .. by Tacvek · 2009-02-04 09:15 · Score: 1

Besides, not all virus scanners can search the contents of all installer types, and the installer is what was passed to the site. The results of the installation will probably trigger more virus scanners.

--
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Not on this OS by 5n3ak3rp1mp · 2009-02-04 10:55 · Score: 1

These creative attempts at taking control of my computer won't fly on my beloved Mac Pro, I'm going to enjoy my low marketshare while it lasts...
Yet another reason... by WoodenTable · 2009-02-04 12:25 · Score: 2, Funny

...to not use Microsoft Windshields and the stuff it comes bundled with.
(love the fuzzy dice, though. why do people always say they cause crashes? strange.)
Wow...kind of surreal by vaxius · 2009-02-04 12:56 · Score: 1

I was kind of intrigued at the title of this story, as I've never heard of malware being spread in this fashion. I was even more surprised that this happened in Grand Forks, the city (most of you would call it a town, but everything seems to be called a city here in North Dakota) where I live. The last time I remember Grand Forks being in the news was the flood of '97.
Re:I bet the antivirus companies didn't have it .. by mysidia · 2009-02-04 15:03 · Score: 1

Some antivirus software programs use heuristic methods, the heuristic scanner could detect the malware, if it _really_ is unique (and not just reuse or a new variant of existing malware).
Heuristic AV software can collect and forward samples to AV makers who will then have it available.
There is so much malware out there though, that AV makers may not consider it a priority to fully id the new bad code, and design robust patterns to detect its variants, if there are only isolated infections.
Re:Some should rip in to the fake person giving ou by Repton · 2009-02-04 15:43 · Score: 1

Nah, you've gotta know their habits.
The best place to bag a few is down at local clothing stores. Just watch out 'cause they camouflage amongst the real ones, and you can't even do catch-and-release with those.

--
Repton.
They say that only an experienced wizard can do the tengu shuffle.
Tickets on Illegally parked Cop cars by Anonymous Coward · 2009-02-04 16:20 · Score: 1, Interesting

They should put some of those parking tickets on cop cars. See how many cops fall for it!
Shopping malls by C0quette · 2009-02-04 17:43 · Score: 1

Technically, they probably carefully avoided a tech savvy Slashdot crowd.

By targetting parking lots outside large shopping malls outside the city centers I am sure they attack people listening to Britney Spears rather those rolling their own kernels. The chance of duping someone there seems more likely to me.

Hmmm. Next /. poll. How often do you visit shopping malls.

1. Every day.
2. Several times a week
3. Several times a month
4. A few times every year
5. Grok you?
Re:I bet the antivirus companies didn't have it .. by Anonymous Coward · 2009-02-04 19:08 · Score: 0

yes, but nice to see that Avira (the free for personal use AV which I have recommended to all and sundry for many years) was one of 7% of the AV vendors who did detect it.
Don't need a signature. by Khyber · 2009-02-05 05:37 · Score: 1

Who needs a signature to fight this nonsense when those fliers are likely covered in fingerprints that most likely belong to some criminals.
The bread crumb trail you'll discover after you find the distributors will likely lead you to the author.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.