Parking Ticket Leads to Blended Hack Attack

February 21, 2009 by ADMIN

By Kevin M. Nixon, Information-Security-Resources.com Security Editor

At 11:47 AM CST – 02-20-09 I posted this story on Daily Kos and my comment meter went off the scale. People just couldn’t believe that something like this could be true.
I have to give a “SHOUT OUT” to my friend “Sparky” (Shannon Myers-Leitz at GotMetrics.com) for sharing this story.

Firewalls. Corrupted files. Spam with bad code. Those were the traditional vectors hackers used to plant malware on a system or gain access to a workstation. Now they just give you a parking ticket.

Last week the SANS Internet Storm Center discovered a case in Grand Forks, North Dakota, where yellow card-like fliers presumed to be parking tickets were found on cars in a parking lot.

The would-be tickets read: “PARKING VIOLATION: This vehicle is in violation of standard parking regulations.”

The card then instructs the ticket recipient to visit a specified Web Site. From this point, hackers count on law-abiding users to go home and log on where, strangely enough, they’ll see a picture of the parking lot where their car was. A few clicks later, a fake Internet Explorer security alert pops up asking the user if they’d like to do a quick antivirus scan. The infection starts from there.

Lesson learned: Go Green! Take Public Transportation.

Forensics of the Hack

With the “Parking Ticket” in hand, lawful citizens went to the website.


The picture displayed was of cars in that location (not the ticket holder’s car) with a prompt to use the Picture Search Tool. This leads the person to believe that they can search through a series of photos looking for their car. So CLICK, and then the fun begins.

The Picture Search Tool is what is known as a Browser Helper Object (BHO). The BHO seems to wait for the user to browse the Internet a bit, and then brings up a pop-up with a fake security alert:

[Image: fake security alert error message]

The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from a suspicious site and attempted to trick the victim into installing a fake anti-virus scanner.
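Because the program described above persists as a BHO, the registered BHOs on a Windows host are a natural place to look for it. The following is an added example, not part of the original article or the SANS analysis: it lists every machine-wide BHO, resolves each CLSID to the DLL Internet Explorer loads, and reports its Authenticode status. `Get-BhoInventory` is a hypothetical helper name, and the script assumes the standard BHO registration keys under HKLM.

```powershell
# Added example (not from the article): inventory IE Browser Helper Objects.
# Get-BhoInventory is a hypothetical helper name; the registry paths are the
# standard machine-wide BHO registration locations.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoInventory {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # 32-bit BHOs resolve their COM class under WOW6432Node.
        $clsidBase = 'HKLM:\SOFTWARE\Classes\CLSID'
        if ($root -like '*WOW6432Node*') { $clsidBase = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }

        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid    = $key.PSChildName
            $classKey = Get-Item -LiteralPath "$clsidBase\$clsid" -ErrorAction SilentlyContinue
            $server   = Get-Item -LiteralPath "$clsidBase\$clsid\InprocServer32" -ErrorAction SilentlyContinue

            # The default value of InprocServer32 is the DLL that IE loads.
            $dll = $null
            if ($server) { $dll = "$($server.GetValue(''))".Trim('"') }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            $sig = $null
            if ($onDisk) { $sig = Get-AuthenticodeSignature -FilePath $dll }

            [pscustomobject]@{
                Clsid     = $clsid
                Name      = if ($classKey) { $classKey.GetValue('') } else { $null }
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = if ($sig) { "$($sig.Status)" } else { 'NotChecked' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Review anything unsigned, missing on disk, or loaded from a user-writable path.
Get-BhoInventory | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

Entries whose DLL is unsigned or sits under a user profile or temp directory are the ones to examine first.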

Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this.

I imagine we’ll be seeing such approaches more often.

Kevin has testified as an expert witness before the Congressional High Tech Task Force, the Chairman of the Senate Armed Services Committee, and the Chairman of the House Ways and Means Committee. He has also served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and as a consultant to the Federal Trade Commission.

The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com



Filed under: Breach, FEATURE ARTICLE, Financial, Government, Kevin M. Nixon, Uncategorized, hackers, identity-theft, malware, privacy 

Comments

One Comment on Parking Ticket Leads to Blended Hack Attack

    [...] Editor’s Note: The following article is reprinted from http://information-security-resources.com. [...]
