Malware URLs Placed on Fake Parking Tickets

Posted on February 28, 2009

eWeek's Security Watch blog is discussing a novel malware attempt that involved a malware url that was placed on faking parking tickets.

Anyhow, SANS Institute researcher Lenny Zeltser recently uncovered the two-part parking ticket/malware scam, through which someone placed phony tickets on the windshields of a number of vehicles in a parking lot in North Dakota informing their owners that they had somehow violated the regulations and instructing them to go to a Web site to get more details on their fines. Researchers at McAfee also highlighted the scheme.
Of course, upon visiting the site, the advertised URL demands that people download a piece of software to view pictures of their vehicle when it was "in violation," and that program of course instead delivers malware onto their computers.
"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to Web sites is one way to do this. I imagine we'll be seeing such approaches more often," Zeltser said.

The attack is a unique idea and it meant that people had to be close to their victims. There's an extra level of creepiness with people placing something on a car or possibly sending something via snail mail that would get a person to access a malware website. On the other hand there is probably more risk here for criminals which might discourage then from trying physical or snail mail approaches. Fake parking tickets aren't going to go over very well with the city authorities, so they may be even more likely to try and find the source and make an arrest.