February 6, 2009

Hackers Use Real World To Lure Victims

Hackers have begun to use fake parking tickets as a way to lure users onto fraudulent websites.

The fake tickets, found on vehicles in Grand Forks, North Dakota, directed users to a website alleging to have photos of the parking violation.  Once on the website, users were tricked into downloading a virus.

According to anti-virus firm McAfee, the Vundo Trojan tricks users into installing fake anti-virus software.

The fake violation tickets were printed on yellow paper and contained the message: "PARKING VIOLATION This vehicle is in violation of standard parking regulations."

The ticket also directed drivers to a website were they could "view pictures with information about your parking preferences."

According to the SANS Institute, an internet security watchdog, the website instructed users to download an application to view the photos of their violation.

The application was actually a Trojan virus that would display a fake security alert when the PC was restarted.  Once restarted, the computer prompted the user to download and install fake anti-virus software.

Lenny Zeltser, an anti-virus analyst with SANS, explained the stages of the infection on the SANS blog.

"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," he explained.

This is believed to be the first time hackers have used real world situations to trick users.  Zeltser doesn't believe it will be the last.

"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often."


On the Net: