Scam with Parking Slips Causes Computer Infection

A gang of cyber criminals has been using a scam of a real-world nature in an attempt to spread malicious code. Security researchers at SANS Institute detected this scam and disclosed that someone stuck yellow parking slips on cars parked in Grand Forks (USA).

According to the slips, the car owners had breached parking rules and therefore, they should visit a website to know more about what violations they had committed.

Lenny Zeltser, Security Researcher at SANS Institute, stated that the website displayed several photos of automobiles from Grand Rapids (USA), and proposed an archive of "wrong parking", as reported by Vnunet on February 5, 2009.

However, the photos of the automobiles did not show the license plates, implying that they had been edited. People visiting the website were asked to download a toolbar having an .exe extension necessary for the user to search information about his car. This executable carried a Trojan that tries to download numerous other malicious programs on the victim's computer.

Security experts at the institute said that attackers keep devising new ways to trick users into loading malicious applications, but this method is something quite new. The uniqueness of this attack is that it has someone physically pasting a slip on the victim's vehicle, and subsequently getting him to click on a malicious link.

Meanwhile, the way the attack has left an impressive mark on many other security experts. Dave Marcus, Director of Security Research at McAfee, commented that the attack was a great instance of social engineering in the real world, as reported by Vnunet on February 5, 2009.

Experts also stated the attack is unusual in the way the persons behind it are so close or involved with their victims. Putting a parking breach slip on a car appears legitimate. The car owner is likely to believe it and go to the website, and even trust the details he finds on it. This way the infection rate could increase among many similar victims, said security experts.

Expectedly, more hackers might use such a personal approach with their victims in coming days.

Related article: Sixem Worm Striking World Cup

» SPAMfighter News - 2/20/2009