Current Event: Malicious Parking Tickets
According to a post on the Internet Storm Center (ISC), some malware writers have turned to leaving false parking tickets in order to lure victims into running malicious programs. The parking tickets contained a URL where one could see a picture of the supposed offense. Upon arrival to the site, users were prompted to download a toolbar in order to view their particular picture(s). Link here.
Writers of malware often have to contend with the question of how to make users visit a particular site, or run some untrusted code. Spam emails, submitting links on popular social websites, and inserting malicious programs into data downloaded from peer to peer applications are all common practice. Savvy users know the danger of running untrusted programs, especially when appearing from a dubious source. The trick, then, is for the malware writers to make the source appear legitimate. By using a physical medium (paper, as opposed to a link or an email), potential victims were more likely to trust the website. In addition, many of the supposed parking violators likely felt wrongfully accused, and wished to dispute, or at least view, the evidence against them. And in trying to obtain that evidence, they allowed a malicious program to install itself on their computer.
This tactic also puts the writers or distributors of the malware at some risk. In most cases, locating the original person or people behind malicious software is very difficult. Because of the nature of the internet, anyone could release malware from anywhere in the world. But, when these distributors placed their false parking tickets on cars, they also told authorities where they were. Instead of being perhaps some anonymous author in who knows what country, the distributors of these parking tickets (or some accomplice) physically had to be in Grand Forks, North Dakota on the days the tickets were given out. Law enforcement agencies now have a chance of catching the perpetrators, and charging them.
Preventative measures against this sort of attack are difficult. As always, the key is to not run untrusted software, and to be aware of the dangers. But just what does untrusted mean? Nobody expects an attack to come from a parking ticket. Awareness in this case would have helped as well. When this website began asking to install a special toolbar so you can view pictures, you should get suspicious. Some problems, such as social engineering, are just too difficult with technology alone. Being informed about risks, about methods of attacks, and about trusted information systems will go much farther than any malware detection/prevention software, and is more likely to keep up with the times, as well.