Slashdot Mirror


Malware Spreading Via ... Windshield Fliers?

wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."


  1. Neat but.. by Dyinobal · · Score: 5, Insightful

    As clever as this is, it seems like catching the person or persons putting these on windshields would be simple enough.

    1. Re:Neat but.. by Captain Spam · · Score: 5, Insightful

      Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for, not a malicious malware author/user hiding in an apartment somewhere while his freshly-hired lackeys unwittingly do his bidding.

      So unfortunately, catching the guy distributing the fliers wouldn't do you any good, unless you're really THAT upset with the practice of windshield fliering in the first place.

      The fake parking tickets, though, those are probably illegal in and of themselves, and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity, so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.

      --
      Demanding constant attention will only lead to attention.
    2. Re:Neat but.. by pclminion · · Score: 3, Insightful

      Some homeless person who some random dude paid $20 to slap a bunch of fliers on cars is going to help you how?

    3. Re:Neat but.. by Anonymous Coward · · Score: 4, Insightful

      > unless you're really THAT upset with the practice of windshield fliering in the first place.

      Yes, I am. There are certain behaviors everyone should know are asshattery. Being a "poor college student" does not make it okay to take a job being a total jerk (telemarketing, spammer, virus writer, and the person who sprays people unasked with perfume).

    4. Re:Neat but.. by pasv · · Score: 4, Insightful

      My god, the frustrations I could take out on him!

      Also, we could use violence.

      Do you think the people putting these flyers on cars are the real authors? I could just as easily pay some little kid 40 bux worth of weed to go around that parking lot of that nice corporate office over there and put these flyers out :P

    5. Re:Neat but.. by John Hasler · · Score: 2, Insightful

      > So unfortunately, catching the guy distributing the fliers wouldn't do you any good...

      He knows who he got the flyers from.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    6. Re:Neat but.. by ResidntGeek · · Score: 2, Insightful

      Yes, it does. I care much more about being able to buy ramen than I do about your dinner not being interrupted, or your email inbox having a few Viagra ads in it. I fully expect other people to have the same priorities.

      --
      ResidntGeek
  2. Clever idea... by O('_')O_Bush · · Score: 4, Insightful

    but I can't seriously imagine this being a widespread problem.

    Maybe a few people in a town would end up affected, but the cost in time/effort required to trap victims is impractical considering what a simple email can do.

    --
    while(1) attack(People.Sandy);
    1. Re:Clever idea... by IamGarageGuy 2 · · Score: 4, Insightful

      Maybe this is supposed to be a local infection by design. Maybe to attack a local business or gov. office. Anybody have any ideas of how a local IP could be used to attack something?

      --
      Stay tuned for new sig...
  3. A virus I'd actually fall for by pwnies · · Score: 4, Insightful

    What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop-ups and stuff are easy enough to ignore, but what about local fliers for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.

    1. Re:A virus I'd actually fall for by morgan_greywolf · · Score: 2, Insightful

      > What scares me most is that this style of distribution is something I'd actually fall for.

      How so? Anytime I get a prompt to install anything from a website I'm not expecting, especially on Windows, I tell it no. Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.

    2. Re:A virus I'd actually fall for by Hyppy · · Score: 5, Insightful

      it still fails to computer literate common sense, "why would i need to install something to..."

      Flash. Silverlight. Java. Adobe Reader. Windows Update controls.

      People are getting used to installing applications to interact with "trusted" parties.

  4. Re:Who reads those things anyway? by RiotingPacifist · · Score: 3, Insightful

    I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a good infection rate.

    *fixed*

    --
    IranAir Flight 655 never forget!
  5. You don't even need a Virus or Malware to pull thi by Joe The Dragon · · Score: 2, Insightful

    You don't even need a Virus or Malware to pull this off; all you need is a pay on link that takes your CC # and that likely will work even on super locked systems.

  6. Re:Who reads those things anyway? by Billhead · · Score: 3, Insightful

    And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html

    How is the average person supposed to know that's a suspicious address? For all they know it could be some sort of acronym, and would the average Joe actually notice that the alleged government site doesn't have a .gov TLD?

  7. Re:Who reads those things anyway? by Culture20 · · Score: 2, Insightful

    The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
    1. You are parked legally
    2. Everybody else has these "tickets"

    1. All the more reason you'd want to contest it
    2. Maybe the people leaving the tickets are instructed to ticket only 1/10 cars down a street? Even if not, I see people getting tickets all in a row quite often. Metermaids cut wide swaths with their pens.

  8. That's how you make money on these things by hellfire · · Score: 2, Insightful

    I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

    We have an abundance of uneducated people in the US, specifically those who don't know or understand the dangers of the internet. Also, a low infection rate is all it takes to get some return on investment.

    To top it all off, Americans are first and foremost a scared people, especially of our own government and of forces outside our borders. Heaven forbid you piss off the government by not paying a parking ticket! You might lose your constitutional rights! Maybe they'll stop protecting you?!?!?! Maybe you're a teenager who doesn't want your parents to find out?

    Somehow these scams pay off and they only need a few suckers. And a new sucker is born every minute. Why do you think the "three cards, find the ace" scam still works in the alleyways and slums? It's one of the oldest scams in the book and those who are not educated don't know how it works and are easily manipulated.

    --

    "All great wisdom is contained in .signature files"

  9. Re:That is pretty clever... by damn_registrars · · Score: 4, Insightful

    Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.

    Isn't this awesome new moderation system such a great part of this fantastic new layout? Nobody liked the "confirm" button from the previous system, right?

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  10. Easy way to not have it be a problem by Anonymous Coward · · Score: 1, Insightful

    Use a Mac. I never have to worry about new and directed attacks like this with OS X. The only way this could affect a Mac user is if they go to a website, and run a downloaded executable as root... something no legit parking ticket site would do.

    1. Re:Easy way to not have it be a problem by zonky · · Score: 3, Insightful

      Something a user would certainly do, if they were told they needed to install a plugin to find their ticket, regardless of platform. This is a human problem, not an O/S security model problem.

    2. Re:Easy way to not have it be a problem by el_gordo101 · · Score: 3, Insightful
      All they have to do is provide a convenient way for you to pay the "fine", something like this would work:

      To Pay your parking ticket online now, please fill out the following:
      Name:______________
      SSN:______________
      Credit Card Number:_______________

      Wouldn't matter what OS you were using if you hand over your info.

      --
      TODO: Insert witty sig
  11. It works better when they are parked legally by EmbeddedJanitor · · Score: 2, Insightful

    The victim gets all pissed and wants to see the evidence and yell at someone. Their rational thinking (what little they have) goes out the window.

    --
    Engineering is the art of compromise.
  12. NEWSFLASH!!! by SCHecklerX · · Score: 1, Insightful

    Malware is, and always will be, a stupid user issue. You can't solve stupid user issues with technology. Antivirus software is a sham, and a virus itself.

  13. Re:Notice Sent to UND Students. by Endo13 · · Score: 2, Insightful

    Ok, but when I try to go to XXXXXXX.COM it doesn't say anything about parking tickets. It says they want to help me find Car Insurance, Chat, Work From Home, Cheap Flights and other stuff. What now?

    --
    There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.