14 DAY TRIAL // A new wave of fake emails that pose as uniform traffic ticket notifications from New York State's Department of Motor Vehicles is carrying malicious attachments.
The rogue messages started hitting people's email inboxes back in July, this being a second and more aggressive campaign.
It seems the spammers didn't make much effort to adapt the template and the emails claim the speeding offense occurred on July 5, 2011.
"TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117," the messages read.
The subject of the emails is "Uniform traffic ticket" and their headers have been forged to appear as if they originate from @nyc.gov email addresses.
The attached file, an archive called Ticket-O64-211.zip, contains a Trojan downloader that installs additional malware on victim computers, usually fake antivirus applications.
"Be aware that even though this email appears slightly 'legal' due to its blocky layout (I guess), it is missing a lot of critical data that a true legal notice should contain," Fred Touchette, a security researcher from AppRiver, writes.
"Users of other anti-virus products would be wise to check that they are protected, as this attack is being aggressively spammed out right now," warns Graham Cluley, a senior technology consultant at Sophos.
Some users have reported receiving several copies of this email in a matter of hours and the campaign doesn't seem to be targeted by country. Users as far away as Thailand have found these messages in their email inboxes.
When in doubt about the authenticity of such emails, users should confirm them over the phone with the corresponding institutions. They are also advised to always scan email attachments with a capable antivirus program, or better yet, a multi-engine service like Virus Total, before opening them.