Malware Spreading Via ... Windshield Fliers?
wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."
As clever as this is, it seems like catching the person or persons putting these on windshields would be simple enough.
but I can't seriously imagine this being a widespread problem.
Maybe a few people in a town would end up affected, but the cost in time/effort required to trap victims is impractical considering what a simple email can do.
while(1) attack(People.Sandy);
What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop ups and stuff are easy enough to ignore, but what about local fliers for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
After all, do you know what a parking ticket looks like in your city, to be able to distinguish between a real one and a fake? I would suspect that most people who recognize the real thing either wouldn't bother to try to contest one, or don't do anything about them anyways. But for the larger portion of a city's population who has not been ticketed, they could well have a hard time telling a fake from the real thing.
And then you add in people who are from out of town, who would much rather not have to go back to your city to deal with a ticket...
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
1. You are parked legally
2. Everybody else has these "tickets"
And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html
I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.
I read the internet for the articles.
Someone should rip into the fake person giving out the tickets like people do to the real meter maids, as you see on A&E's Parking Wars. And if they are not real, say "I'm calling the cops," as I don't think they will like to have people giving out fake tickets.
There is also a neck we can hang them from... someone police can pursue and arrest, more direct money to follow... leads.
I really want to see some terrible, nearly unimaginable things happen to these people. Some people feel this way about drug pushers. Others feel this way about child molesters. For me, it is malware. Oh I think of the children too, but frankly, a lot can be done in the way of prevention if only most parents paid attention to their own children that would address a good portion of the child molestation thing and as drugs go... well, once again, people don't get hooked on drugs unless they had some other problems that precipitated it first. If they were raised well, odds are better that they'd not be a drug addict.
If the flier says "go to evilticketcontesting.com", you just need to find who that domain is registered to, and contact the registrar and ISP to have it shut down. This is quick and straightforward, since internet registrars all keep good records of who they sell domains to, and all ISPs respond quickly to requests that are written in plain English. We should have this problem licked in time for dinner.
Oh, wait. Registrar accreditation is handled by these bumbling idiots. And how many ISPs that offer hosting services respond to much of anything?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Genius!
Now you can get viruses by looking at anything with text on it!
WARNING This virus requires:
-A Computer running Windows
-Human stupidity, but not that much (I would fall for that maybe)
By reading this you agree to give me (Noxn) 1 dollar.
I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my help to move some cash out of his country for his dead uncle or someone.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
You don't even need a virus or malware to pull this off; all you need is a pay on link that takes your CC # and that likely will work even on super locked systems.
I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.
We have an abundance of uneducated people in the US, specifically those who don't know or understand the dangers of the internet. Also, a low infection rate is all it takes to get some return on investment.
To top it all off, Americans are first and foremost a scared people, especially of our own government and of forces outside our borders. Heaven forbid you piss off the government by not paying a parking ticket! You might lose your constitutional rights! Maybe they'll stop protecting you?!?!?! Maybe you're a teenager who doesn't want your parents to find out?
Somehow these scams pay off and they only need a few suckers. And a new sucker is born every minute. Why do you think the "three cards, find the ace" scam still works in the alleyways and slums? It's one of the oldest scams in the book and those who are not educated don't know how it works and are easily manipulated.
"All great wisdom is contained in .signature files"
Holy lack of punctuation, Batman!
Only works locally, a parking cam can catch the real culprit (think of catching the originator of most of the spam/malware that goes thru email), and is somewhat short-lived (by the time most of the ones that got the ticket went to the internet, the site could have been taken down).
To make it much worse, YOU can catch him and take revenge for every spam/malware/spyware/virus you ever received. We can get an updated version of witch burning for the XXI century.
Someone should rip into the fake person giving out the tickets
How do you catch a fake person? Fake traps?
Aren't those the little pieces of paper that go under my wipers and always make it rain/snow?
Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
I don't have a car, you insensitive clod!
Something a user would certainly do, if they were told they needed to install a plugin to find their ticket, regardless of platform. This is a human problem, not an O/S security model problem.
The victim gets all pissed and wants to see the evidence and yell at someone. Their rational thinking (what little they have) goes out the window.
Engineering is the art of compromise.
... right away because they get their earliest warnings from honeypot machines and this one uses an offline vector.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
To pay your parking ticket online now, please fill out the following:
Name:______________
SSN:______________
Credit Card Number:_______________
Wouldn't matter what OS you were using if you hand over your info.
TODO: Insert witty sig
Urgent! Bogus Parking Tickets Found on Campus Refer Recipients to Virus-laden Web site
Do Not Go To This Web Site!!!
A message concerning bogus parking tickets being distributed on campus that was sent out late Monday contained the URL of a Web site that carries a computer virus. We are resending that message below with the problem URL removed:
Here is the message:
UPD received a call on Jan. 31, 2009 pertaining to someone issuing bogus parking tickets in the parking lot directly east of the ramp. The ticket is yellow in color and states the following: "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to XXXXXXX.COM" (URL not used for computer safety reasons)
DO NOT GO TO THIS WEBSITE!! IT CONTAINS A VIRUS!
If you visit the Web site and click on the link to view pictures of horrible parking, you will download a virus onto your computer.
Should anyone have any information pertaining to this, please contact UND Police at 777-3491.
Lt. Dan Lund
Night Shift Supervisor
UND Police Dept.
forget it.
You guys are missing the root of the problem. If the cars didn't have windows, then the users wouldn't have gotten infected.
I suggest a car like this.
http://www.m38a1.com/images/Archives/jeep%20_105%20gun%20jpg.jpg :p
Slashdotter, ID #101. UIDs are in binary, right?
...to not use Microsoft Windshields and the stuff it comes bundled with.
(love the fuzzy dice, though. why do people always say they cause crashes? strange.)