Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Spreading Via ... Windshield Fliers?

Posted by timothy on from the right-at-home-with-the-bug-guts dept.

wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."

12 of 207 comments (clear)

  1. Neat but.. by Dyinobal · · Score: 5, Insightful

    As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.

    1. Re:Neat but.. by bensafrickingenius · · Score: 5, Funny

      Absolutely. And just think of actually having the chance to get your hands on one of those assholes. My god, the frustrations I could take out on him!

      --
      I am not left-handed, either!
    2. Re:Neat but.. by Anonymous Coward · · Score: 5, Funny

      My god, the frustrations I could take out on him!

      Also, we could use violence.

    3. Re:Neat but.. by Captain+Spam · · Score: 5, Insightful

      Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for, not a malicious malware author/user hiding in an apartment somewhere while his freshly-hired lackeys unwittingly do his bidding.

      So unfortunately, catching the guy distributing the fliers wouldn't do you any good, unless you're really THAT upset with the practice of windshield fliering in the first place.

      The fake parking tickets, though, those are probably illegal in and of themselves, and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity, so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.

      --
      Demanding constant attention will only lead to attention.
    4. Re:Neat but.. by Cynonamous+Anoward · · Score: 5, Funny

      Phase 1: Pose as college student looking to make a few bucks

      Phase 2: ???

      Phase 3: PROFIT!!!

      There, fixed that for you.

      --
      "The GPL is viral by design, like any good religion."
  2. Who reads those things anyway? by jandrese · · Score: 5, Informative

    I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
    1. You are parked legally
    2. Everybody else has these "tickets"

    And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html

    I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

    --

    I read the internet for the articles.
  3. Re:A virus I'd actually fall for by zappepcs · · Score: 5, Funny

    welcome to the world of personal computing! Now that you've made the decision to dedicate at least some part of your life to staring at a screen and tapping on a keyboard, you should know that we (The Internets) have been working hard to make your computing experience as exciting as possible.

    Everyday you will have to learn more and more about computing just to keep up with trends, and if that isn't enough, we have some software coders that want to play a game with you. It's called "Show me your password and finance details" and is such an exciting game you will soon forget all about Zelda. Never mind looking for the hidden doors or avoiding poisonous frogs. In this game, every key you touch could be the one that causes you to lose.

    We also have many other options to fill your time. We're glad you are here, enjoy computing in the Internets.

    Sincerely,

    I.M. Rogue

    --
    Support NYCountryLawyer RIAA vs People
  4. Re:A virus I'd actually fall for by Guiness17 · · Score: 5, Interesting

    Agreed, I could've fallen for this myself. I got a ticket about a year ago in a city I didn't live in, and lo and behold, it had a website on it for paying online. Ticket looked official, but on second thought, I couldn't be sure, having never seen one from that city before. I blindly typed in the URL... I'd like to believe I would have picked off a phishing scam, but still, I took the first step.

    --
    Imagine for a moment a world without hypothetical situations...
  5. The weirdest thing just happened to me by mandark1967 · · Score: 5, Funny

    I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my helpto move some cash out of his country for his dead uncle or someone.

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  6. Re:Clever idea... by Zerth · · Score: 5, Interesting

    Sure, some security testing firms have already added "leave trojaned USB sticks in the parking lot" to their list of tests.

    Slap these on cars before lunch, everyone who goes out to lunch will probably check the url when they get back on their work computer.

  7. Re:Some should rip in to the fake person giving ou by Crashspeeder · · Score: 5, Funny

    Some should rip in to the fake person giving out the tickets

    How do you catch a fake person? Fake traps?

  8. Re:A virus I'd actually fall for by Hyppy · · Score: 5, Insightful

    it still fails to computer literate common sense, "why would i need to install something to..."

    Flash. Silverlight. Java. Adobe Reader. Windows Update controls.

    People are getting used to installing applications to interact with "trusted" parties.