February 04, 2009, 4:09 PM — Trojan-pushing parking tickets? Yes, really. The Internet Storm Center, which tracks Internet attacks and threats, documented a case in Grand Forks, North Dakota where someone put yellow fliers on cars that claimed to ticket a parking violation. The fliers named a Web site that purportedly had pictures of your supposed violation.
To see the pictures, according to additional commentary from the McAfee Avert Labs, the site instructs you to download a toolbar named PictureSearchToolbar.exe. Do so, and you end up with a Trojan. That Trojan, called Vundo by Symantec and McAfee and Monder by Kapsersky (according to a Threat Expert report linked by the ISC), displays false infection warning pop-ups that market a fake antivirus product called "Antivirus 360."
I knew that pushing rogue antivirus was becoming a more popular tactic for crooks, who get a cut of the purchase price via shady affiliate marketing deals, but I had no idea the potential profits could justify the time and expense of physically distributing fake parking tickets. Then again, maybe it doesn't: Many Internet crooks aren't exactly known for their excessive brain power.
The ISC post from Lenny Zeltser has more details on the discovery, including some digital sleuthing about the model of the camera used for pictures on the Web site. And keep an eye out for an upcoming PC World story that delves into rogue antivirus, including how to tell a harmless browser-based social engineering attempt from one that can indicate a malware infection like the one described here.
