The piece of malware that comes via these emails can update itself

Jan 20, 2012 15:27 GMT

Security researchers have come across a series of malicious emails that notify the recipient that he is charged with a traffic offense, urging him to fill out a form linked from the message. The malicious messages allegedly come from the Seattle Police Department or the Department of Motor Vehicles (DMV).

Experts from Microsoft’s Malware Protection Center found an email that targeted citizens of Seattle, Washington, but later discovered that there are a lot of other variations, some of them possibly targeting Europe. This means that the campaign can be easily altered to target other cities or even other countries.

The hyperlink contained in the notification usually points to a newly registered domain, which hides an iframe loading content from another site hosted in Ukraine. That site serves obfuscated JavaScript that tries to exploit a vulnerability in MDAC, patched back in 2006.

If the patch hasn’t been deployed, the targeted system downloads and executes a file named info.exe, identified as Worm:Win32/Cridex.B, from a Russian domain. After landing on a system, the malware can update itself by communicating with a server using SSL.
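As an added illustration (not code from the article or from Microsoft's write-up), the check below scans a fetched landing page for iframes that are both hidden and sourced from a host other than the page's own, which is the pattern described above; the HTML, hostnames and function names are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a lure page that embeds a hidden 1x1 iframe pulling
# content from an unrelated host, alongside a normal same-site iframe.
SAMPLE_HTML = """<html><body>
<h1>Traffic Violation Notice</h1>
<p>Please review the citation form below.</p>
<iframe src="http://other-host.invalid/load.php" width="1" height="1"
        style="visibility: hidden"></iframe>
<iframe src="/help.html" width="600" height="400"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(value):
    """Return the numeric part of a width/height attribute, or None."""
    digits = re.sub(r"\D", "", value)
    return int(digits) if digits else None


def _is_hidden(attrs):
    """Hidden via CSS, or collapsed to a 1x1 (or smaller) box."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    width = _dimension(attrs.get("width", ""))
    height = _dimension(attrs.get("height", ""))
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def find_suspicious_iframes(html, page_host):
    """Return src values of hidden iframes that load from a foreign host."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host  # relative src stays on-site
        if host != page_host and _is_hidden(attrs):
            hits.append(src)
    return hits
```

Run against the page body returned by the lure link, with page_host set to the hostname of that link; a non-empty result is a strong signal for this kind of drive-by chain.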

Users are advised to immediately delete such emails.