Malware Spreading Via ... Windshield Fliers?

← Back to Stories (view on slashdot.org)

Malware Spreading Via ... Windshield Fliers?

Posted by timothy on Wednesday February 4, 2009 @06:12AM from the right-at-home-with-the-bug-guts dept.

wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."

36 of 207 comments (clear)

Min score:

Reason:

Sort:

Neat but.. by Dyinobal · 2009-02-04 06:14 · Score: 5, Insightful

As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.
1. Re:Neat but.. by bensafrickingenius · 2009-02-04 06:16 · Score: 5, Funny
  
  Absolutely. And just think of actually having the chance to get your hands on one of those assholes. My god, the frustrations I could take out on him!
  
  --
  I am not left-handed, either!
2. Re:Neat but.. by Anonymous Coward · 2009-02-04 06:30 · Score: 5, Funny
  
  My god, the frustrations I could take out on him!
  Also, we could use violence.
3. Re:Neat but.. by Captain+Spam · 2009-02-04 06:33 · Score: 5, Insightful
  
  Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for, not a malicious malware author/user hiding in an apartment somewhere while his freshly-hired lackeys unwittingly do his bidding.
  So unfortunately, catching the guy distributing the fliers wouldn't do you any good, unless you're really THAT upset with the practice of windshield fliering in the first place.
  The fake parking tickets, though, those are probably illegal in and of themselves, and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity, so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.
  
  --
  Demanding constant attention will only lead to attention.
4. Re:Neat but.. by pclminion · 2009-02-04 06:37 · Score: 3, Insightful
  
  Some homeless person who some random dude paid $20 to slap a bunch of fliers on cars is going to help you how?
5. Re:Neat but.. by Smidge204 · 2009-02-04 06:53 · Score: 4, Funny
  
  Phase 1: Pose as college student looking to make a few bucks
  Phase 2: Get to know person distributing the fliers to students
  Phase 3: Stand trial for aggravated assault with no regrets.
  =Smidge=
6. Re:Neat but.. by Cynonamous+Anoward · 2009-02-04 07:19 · Score: 5, Funny
  
  Phase 1: Pose as college student looking to make a few bucks
  Phase 2: ???
  Phase 3: PROFIT!!!
  There, fixed that for you.
  
  --
  "The GPL is viral by design, like any good religion."
7. Re:Neat but.. by Anonymous Coward · 2009-02-04 07:54 · Score: 4, Insightful
  
  unless you're really THAT upset with the practice of windshield fliering in the first place.
  
  Yes, I am. There are certain behaviors everyone should know are asshattery. Being a "poor college student" does not make it okay to take a job being a total jerk (telemarketing, spammer, virus writer, and the person who sprays people unasked with perfume).
8. Re:Neat but.. by Anonymous+Cowpat · 2009-02-04 07:58 · Score: 4, Interesting
  
  Except in the UK, where it's a public servant with little or no training who, in some instances, actually has more power than a real police officer.
  
  --
  FGD 135
9. Re:Neat but.. by bornwaysouth · 2009-02-04 08:02 · Score: 3, Interesting
  
  What a waste of an idea. I don't understand why they were messing about with such a low payback as malware. Spam relies on say a 0.1% success rate, but millions of fliers. Physical fliers are too costly.
  
  Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while. Especially if the 'objections' site informed you that there had a substantial backlog of cases, and had to be evaluated, parameterized and prioritised. ("and we hope to get back to you before the one month follow up or discard period has passed.) It should be good for two weeks of Paypal heaven. Of course the flier distributor would be caught on video, and identified as wearing a sort of uniform with dayglo highlights including a cap and sunglasses, but hey, its a clue isn't it.
  
  The other worthwhile bit would be advertising. Being caught doing something illegal has your attention. Wow, what an attention grabbing gift. You actually are likely to read the flier. Going to a site www.payubastards.com would be sufficient warning that you are not in standard territory. Opening page tells you that you are (1) a miscreant and (2) so what, rip up the notice and enjoy the site, brought to you by ....
  
  Of course, city councils would be furious at the disrespect and would find something illegal about it. But if the site poked fun at council misspending and other idiocies, the shut-down could become politically expensive. Political change could be the real objective of the fliers.
10. Re:Neat but.. by 1729 · 2009-02-04 09:04 · Score: 4, Interesting
  
  Now, handing out fake tickets to those obviously illegally parked could net a useful income for a while.
  Someone did that for a while in Madison, WI:
  http://www.madison.com/tct/news/stories/302436
  His trial begins on the 19th.
11. Re:Neat but.. by pasv · 2009-02-04 09:16 · Score: 4, Insightful
  
  My god, the frustrations I could take out on him!
  Also, we could use violence.
  Do you think the people putting these flyers on cars are the real authors. i could just as easily pay some little kid 40 bux worth of weed to go around that parking lot of that nice corporate office over there and put these flyers out :P
12. Re:Neat but.. by Nick+Ives · 2009-02-04 09:24 · Score: 3, Informative
  
  Indeed. I remember hearing about a Nigerian 419 scammer who got hold of a lad with learning difficulties in America. After he fleeced him for all he could get he gave him a job funneling money from other marks. He had a lot more success because people thought he had a genuine presence in the USA. The poor kid thought he had an honest job and was going to get paid "any day now"...
  
  --
  Nick
Clever idea... by O('_')O_Bush · 2009-02-04 06:17 · Score: 4, Insightful

but I can't seriously imagine this being a widespread problem.

Maybe a few people in a town would end up affected, but the cost in time/effort required to trap victims is impractical considering what a simple email can do.

--
while(1) attack(People.Sandy);
1. Re:Clever idea... by IamGarageGuy+2 · 2009-02-04 06:23 · Score: 4, Insightful
  
  Maybe this is supposed to be a local infection by design. Maybe to attack a local business or gov. office. Anybody have any ideas of how a local ip could be used to attack something?
  
  --
  Stay tuned for new sig...
2. Re:Clever idea... by SatanicPuppy · 2009-02-04 06:40 · Score: 4, Interesting
  
  Depends on where you target your fliers. Put 'em around city hall, and you may be able to get some schmuck to compromise their internal network. Or a bank, or a big company, etc, etc.
  That would be the big advantage of being able to geographically target your scam.
  
  --
  ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
3. Re:Clever idea... by Zerth · 2009-02-04 06:51 · Score: 5, Interesting
  
  Sure, some security testing firms have already added "leave trojaned USB sticks in the parking lot" to their list of tests.
  Slap these on cars before lunch, everyone who goes out to lunch will probably check the url when they get back on their work computer.
A virus I'd actually fall for by pwnies · 2009-02-04 06:18 · Score: 4, Insightful

What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop ups and stuff are easy enough to ignore, but what about local flies for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.
1. Re:A virus I'd actually fall for by zappepcs · 2009-02-04 06:24 · Score: 5, Funny
  
  welcome to the world of personal computing! Now that you've made the decision to dedicate at least some part of your life to staring at a screen and tapping on a keyboard, you should know that we (The Internets) have been working hard to make your computing experience as exciting as possible.
  Everyday you will have to learn more and more about computing just to keep up with trends, and if that isn't enough, we have some software coders that want to play a game with you. It's called "Show me your password and finance details" and is such an exciting game you will soon forget all about Zelda. Never mind looking for the hidden doors or avoiding poisonous frogs. In this game, every key you touch could be the one that causes you to lose.
  We also have many other options to fill your time. We're glad you are here, enjoy computing in the Internets.
  Sincerely,
  I.M. Rogue
  
  --
  Support NYCountryLawyer RIAA vs People
2. Re:A virus I'd actually fall for by Guiness17 · 2009-02-04 06:29 · Score: 5, Interesting
  
  Agreed, I could've fallen for this myself. I got a ticket about a year ago in a city I didn't live in, and lo and behold, it had a website on it for paying online. Ticket looked official, but on second thought, I couldn't be sure, having never seen one from that city before. I blindly typed in the URL... I'd like to believe I would have picked off a phishing scam, but still, I took the first step.
  
  --
  Imagine for a moment a world without hypothetical situations...
3. Re:A virus I'd actually fall for by Hyppy · 2009-02-04 07:20 · Score: 5, Insightful
  
  it still fails to computer literate common sense, "why would i need to install something to..."
  Flash. Silverlight. Java. Adobe Reader. Windows Update controls.
  
  People are getting used to installing applications to interact with "trusted" parties.
That is pretty clever... by damn_registrars · 2009-02-04 06:21 · Score: 4, Interesting

After all, do you know what a parking ticket looks like in your city, to be able to distinguish between a real one and a fake? I would suspect that most people who recognize the real thing either wouldn't bother to try to contest one, or don't do anything about them anyways. But for the larger portion of a city's population who has not been ticketed, they could well have a hard time telling a fake from the real thing.

And then you add in people who are from out of town, who would much rather not have to go back to your city to deal with a ticket...

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:That is pretty clever... by pwnies · 2009-02-04 06:26 · Score: 4, Funny
  
  do you know what a parking ticket looks like in your city
  Only one way to find out. Lemme borrow your keys.
2. Re:That is pretty clever... by pluther · 2009-02-04 06:50 · Score: 3, Interesting
  
  Not always.
  In Eugene, Oregon, for instance, much of the parking is contracted out to a company called Diamond, which has the authority to issue tickets.
  These tickets have no phone numbers on them, though they do include an address to mail your payment to.
  There seems to be no way of contesting the tickets, either, which was annoying a while back when I got a ticket about a minute before the time had expired.
  
  --
  If the masses can keep you down, you're not the Ubermensch.
3. Re:That is pretty clever... by damn_registrars · 2009-02-04 07:11 · Score: 4, Insightful
  
  Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.
  Isn't this awesome new moderation system such a great part of this fantastic new layout? Nobody liked the "confirm" button from the previous system, right?
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Who reads those things anyway? by jandrese · 2009-02-04 06:23 · Score: 5, Informative

I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
1. You are parked legally
2. Everybody else has these "tickets"

And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

--

I read the internet for the articles.
1. Re:Who reads those things anyway? by RiotingPacifist · 2009-02-04 06:33 · Score: 3, Insightful
  
  I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a good infection rate.
  *fixed*
  
  --
  IranAir Flight 655 never forget!
2. Re:Who reads those things anyway? by Billhead · 2009-02-04 06:34 · Score: 3, Insightful
  
  And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html
  
  How is the average person supposed to know that a suspicious address? For all they know it could be some sort of acronym, and would the average Joe actually notice that the alleged government site doesn't have a .gov TLD?
3. Re:Who reads those things anyway? by pavon · 2009-02-04 06:37 · Score: 4, Interesting
  
  1. You are parked legally
  2. Everybody else has these "tickets"
  I've gotten tickets when I was parked legally and successfully contested them. All the other cars on the block were also incorrectly ticketed at the same time - apparently a cop misunderstood the parking rules, or didn't know how to operate a watch.
  Furthermore, given the city's trend of contracting out ticking, the fact that the URL pointed to some third party website and not a subdomain of the city or county sites wouldn't have set off any red flags either (although one hosted in the Czech Republic would :). The red-light tickets we get in the mail today directs you to the website of the contracted company and not to the city website.
The weirdest thing just happened to me by mandark1967 · 2009-02-04 06:30 · Score: 5, Funny

I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my helpto move some cash out of his country for his dead uncle or someone.

--
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Re:Some should rip in to the fake person giving ou by Crashspeeder · 2009-02-04 06:59 · Score: 5, Funny

Some should rip in to the fake person giving out the tickets
How do you catch a fake person? Fake traps?
Dear fliers-posting malware authors by Yvan256 · 2009-02-04 07:32 · Score: 4, Funny

I don't have a car, you insensitive clod!
Re:Easy way to not have it be a problem by zonky · 2009-02-04 07:51 · Score: 3, Insightful

Something a user would certainly do, if they were told they needed to install a plugin to find their ticket, regardless of platform. This is a human problem, not a O/S security model problem.
I bet the antivirus companies didn't have it ... by Ungrounded+Lightning · 2009-02-04 07:59 · Score: 4, Informative

... right away because they get their earliest warnings from honeypot machines and this one uses an offline vector.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Re:Easy way to not have it be a problem by el_gordo101 · 2009-02-04 08:10 · Score: 3, Insightful

All they have to do is provide a convenient way for you to pay the "fine", something like this would work:
To Pay you parking ticket online now, please fill out the following:
Name:______________
SSN:______________
Credit Card Number:_______________
Wouldn't matter what OS you were using if you hand over your info.

--
TODO: Insert witty sig
Notice Sent to UND Students. by Myuu · 2009-02-04 08:49 · Score: 4, Informative

Urgent! Bogus Parking Tickets Found on Campus Refer Recipients to Virus-laden Web site
Do Not Go To This Web Site!!!
A message concerning bogus parking tickets being distributed on campus that was sent out late Monday contained the URL of a Web site that carries a computer virus. We are resending that message below with the problem URL removed:
Here is the message:
UPD received a call on Jan. 31, 2009 pertaining to someone issuing bogus parking tickets in the parking lot directly east of the ramp. The ticket is yellow in color and states the following: "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to XXXXXXX.COM" (URL not used for computer safety reasons)
DO NOT GO TO THIS WEBSITE!! IT CONTAINS A VIRUS!
If you visit the Web site and click on the link to view pictures of horrible parking, you will download a virus onto your computer.
Should anyone have any information pertaining to this, please contact UND Police at 777-3491.
Lt. Dan Lund
Night Shift Supervisor
UND Police Dept.

--

forget it.