Hacked – in the parking lot?
Josephine Santos/Newscom/File
Online deviants are taking their trade to the real world. Grand Forks, N.D., to be precise.
Shoppers returning to their cars found fake tickets affixed to their windshields, directing them to a website where they could view details of a parking violation.
Once online, the victims were told to download a "picture search toolbar" to view evidence of their car's infraction. But the file was really a Trojan Horse program that installed hidden malicious software. Later, the scam popped up a message warning of security flaws in the user's system, encouraging them to download a fake anti-virus program.
Thankful for some, both the original file and the subsequent download were already identified on McAfee's security software as malicious.
The scheme was uncovered by SANS Internet Storm Center researcher Lenny Zelster. He writes:
Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often.
Matt Hines, of eWeek's Security Watch blog points out the advantages and disadvantages a localized attack like this for the bad guys:
While it does allow them the ability to use their knowledge of the local environment to make their scheme seem more believable, they've also potentially made it easier for law enforcers to track them down. One of the biggest problems in stopping malware campaigns is that the perpetrators are frequently oceans apart from their eventual targets, making it nearly impossible for the cops to chase them down.
But if the law enforcers can instead just sit and wait for the next time someone spots the phony parking tickets and then start retracing the steps back to the attackers, well, you get the idea.
The North Dakota parking ticket scheme joins recent social networking attacks, Facebook exploits, and, yes, Brad Pitt on the list of creative ways computer hackers have tried to spread their wares.