Attack vector of new scareware distribution campaign originates in a parking lot

Feb 5, 2009 11:16 GMT

Security researchers have documented a new malware attack, with an intriguing physical component. The attackers have used fake parking violation fliers in order to direct people to a malicious website installing malware.

Many people are wary of spam and can tell when they are being served a link they should not visit. Their instincts, however, have been trained on the online environment, and spammers know it, which explains why they keep developing new social engineering techniques that work in the physical world.

Such a tactic has recently been observed and described by Lenny Zeltser, security consultant at the SANS Internet Storm Center. The analyst reports that yellow fliers were placed on the windshields of cars in a parking lot in Grand Forks, North Dakota. The fliers, headed “PARKING VIOLATION,” directed car owners to a website for more information.

“This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [URL],” the message on the flier reads. The website in question greets visitors with images of poorly parked cars and a linked message advising that “To view pictures of your or someone else's horrible parking or to upload pictures: CLICK ME FOR THE PICTURE SEARCH TOOLBAR.”

Following the link prompts the visitor to download an executable file called PictureSearchToolbar.exe. Downloading and installing it is obviously a bad idea: it is a malware dropper, which queries a remote server and installs further malicious applications onto the victim's computer.

The additional malware displays fake security warnings in Internet Explorer while users are browsing. Clicking on the warning, which ironically claims that the computer is infected, takes them to a website where they are urged to download and install a rogue, useless anti-virus scanner, which, according to the SANS researcher, is detected by only a few anti-virus engines.
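The chain described above, a dropper that pulls down further executables and then a rogue anti-virus installer, leaves a recognisable trace in web-proxy logs: one client fetching an executable and then, within minutes, more executables from unrelated hosts. The script below is an added example written for this article, not code from SANS, McAfee or the reporters; its log format, hostnames (all under the reserved `.invalid` domain), the 15-minute window and the sample lines are constructed assumptions.

```python
"""Flag dropper-style download chains in constructed web-proxy logs.

Added example (not from the article): the dropper described in the text
fetches further malware after installation, and the scareware stage then
pushes a rogue anti-virus download. A defender-side signal for that pattern
is a client that downloads one executable and, shortly after, further
executables from different hosts. Log format, hostnames and sample lines
are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed log lines: "<ISO time> <client> <method> <url> <status> <content-type>"
SAMPLE_LOG = """\
2009-02-04T14:02:11 10.0.0.7 GET http://parking-example.invalid/index.html 200 text/html
2009-02-04T14:02:40 10.0.0.7 GET http://parking-example.invalid/PictureSearchToolbar.exe 200 application/x-msdownload
2009-02-04T14:03:05 10.0.0.7 GET http://update-example.invalid/stage2.exe 200 application/octet-stream
2009-02-04T14:09:30 10.0.0.7 GET http://rogueav-example.invalid/AntivirusPro.exe 200 application/x-msdownload
2009-02-04T14:10:00 10.0.0.9 GET http://vendor-example.invalid/setup.exe 200 application/x-msdownload
2009-02-04T15:45:00 10.0.0.9 GET http://other-example.invalid/tool.exe 200 application/x-msdownload
"""

# Content types commonly used for Windows executables (assumption: your proxy logs them).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
# Follow-on downloads inside this window are treated as part of one chain (assumed value).
CHAIN_WINDOW = timedelta(minutes=15)


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, client, method, url, status, ctype = line.split()
    return {"time": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "status": int(status), "ctype": ctype}


def is_executable(entry):
    """A successful fetch whose path ends in .exe or whose MIME type is an executable type."""
    path = urlparse(entry["url"]).path.lower()
    return entry["status"] == 200 and (path.endswith(".exe") or entry["ctype"] in EXECUTABLE_TYPES)


def find_dropper_chains(log_text, window=CHAIN_WINDOW):
    """Return {client: [urls]} for clients whose first executable download is
    followed within `window` by further executables from different hosts."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            entry = parse_line(line)
            if is_executable(entry):
                by_client[entry["client"]].append(entry)

    chains = {}
    for client, downloads in by_client.items():
        downloads.sort(key=lambda e: e["time"])
        first = downloads[0]
        first_host = urlparse(first["url"]).hostname
        followers = [d for d in downloads[1:]
                     if d["time"] - first["time"] <= window
                     and urlparse(d["url"]).hostname != first_host]
        if followers:
            chains[client] = [first["url"]] + [d["url"] for d in followers]
    return chains


if __name__ == "__main__":
    for client, urls in find_dropper_chains(SAMPLE_LOG).items():
        print(f"{client}: possible dropper chain")
        for url in urls:
            print(f"    {url}")
```

In the sample, client 10.0.0.7 is flagged because two more executables from other hosts follow the toolbar download within the window, while 10.0.0.9's two downloads are over an hour apart and are not. The host-differs condition keeps a legitimate installer that fetches its own components from one vendor host out of the alert; tune the window and the executable MIME types to what your proxy actually records.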

Lokesh Kumar, malware analyst at McAfee, points out that the malicious applications distributed through this campaign are part of the Vundo family of trojans, and refers to this new approach as “an innovative social engineering technique, where the virtual world meets the real world.”

“Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often,” SANS's Lenny Zeltser concludes.