Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malware Spreading Via ... Windshield Fliers?

timothy posted more than 5 years ago | from the right-at-home-with-the-bug-guts dept.

Security 207

wiedzmin writes "Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."

cancel ×

207 comments

Neat but.. (5, Insightful)

Dyinobal (1427207) | more than 5 years ago | (#26727637)

As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.

Re:Neat but.. (5, Funny)

bensafrickingenius (828123) | more than 5 years ago | (#26727657)

Absolutely. And just think of actually having the chance to get your hands on one of those assholes. My god, the frustrations I could take out on him!

Re:Neat but.. (5, Funny)

Anonymous Coward | more than 5 years ago | (#26727871)

My god, the frustrations I could take out on him!

Also, we could use violence.

Re:Neat but.. (1)

skuzzlebutt (177224) | more than 5 years ago | (#26728521)

VirtuaMod: +1

Re:Neat but.. (0)

Anonymous Coward | more than 5 years ago | (#26728757)

Now, /. does not endorse vigilante violence. Unless it gets results... which it *will*.

Re:Neat but.. (5, Insightful)

Captain Spam (66120) | more than 5 years ago | (#26727887)

Knowing at least one area in which windshield fliers are prevalent (college towns), chances are pretty high you'd be going ballistic over some poor college kid who just needed some cash and wasn't told what these fliers were for, not a malicious malware author/user hiding in an apartment somewhere while his freshly-hired lackeys unwittingly do his bidding.

So unfortunately, catching the guy distributing the fliers wouldn't do you any good, unless you're really THAT upset with the practice of windshield fliering in the first place.

The fake parking tickets, though, those are probably illegal in and of themselves, and the lackey distributing them would have to at least SEE what they are and thus be complicit in the activity, so they probably have some other manner of disguising themselves (official-looking police uniform, etc) so nobody questions them. Unless the REAL cops come by.

Re:Neat but.. (4, Funny)

Smidge204 (605297) | more than 5 years ago | (#26728125)

Phase 1: Pose as college student looking to make a few bucks

Phase 2: Get to know person distributing the fliers to students

Phase 3: Stand trial for aggravated assault with no regrets.

=Smidge=

Re:Neat but.. (5, Funny)

Cynonamous Anoward (994767) | more than 5 years ago | (#26728437)

Phase 1: Pose as college student looking to make a few bucks

Phase 2: ???

Phase 3: PROFIT!!!

There, fixed that for you.

Re:Neat but.. (2, Funny)

cthulu_mt (1124113) | more than 5 years ago | (#26728875)

I think that's how Gov. Spitzer's girlfriend got started.

Here, I fixed it for you (1)

Giant Electronic Bra (1229876) | more than 5 years ago | (#26728461)

Phase 4: Get assaulted in prison

Phase 5: Sue

Phase 6: Profit!

Re:Neat but.. (4, Insightful)

Anonymous Coward | more than 5 years ago | (#26728899)

unless you're really THAT upset with the practice of windshield fliering in the first place.

Yes, I am. There are certain behaviors everyone should know are asshattery. Being a "poor college student" does not make it okay to take a job being a total jerk (telemarketing, spammer, virus writer, and the person who sprays people unasked with perfume).

Re:Neat but.. (1)

GradiusCVK (1017360) | more than 5 years ago | (#26727921)

Just mention "spam" and no jury would convict you. May not be entirely accurate, but how many average jurists would know?

Re:Neat but.. (1)

poot_rootbeer (188613) | more than 5 years ago | (#26727937)

just think of actually having the chance to get your hands on one of those assholes

Obviously the jerk walking around town putting fake parking tickets on cars isn't going to be the ringmaster of the operation. He's going to be just some guy trying to make a few dollars.

I'd like to think that enough people are moral enough to know that this is wrong, and the rest will figure it out after being arrested for impersonating a police officer, that the efficacy of this infection vector will quickly fall to zero.

Re:Neat but.. (1)

Opportunist (166417) | more than 5 years ago | (#26728745)

Not in every country policemen hand out parking tickets. More often than not it's just some "public servant" with little to no training and certainly no executive power.

Re:Neat but.. (4, Interesting)

Anonymous Cowpat (788193) | more than 5 years ago | (#26728945)

Except in the UK, where it's a public servant with little or no training who, in some instances, actually has more power than a real police officer.

Re:Neat but.. (3, Insightful)

pclminion (145572) | more than 5 years ago | (#26727929)

Some homeless person who some random dude paid $20 to slap a bunch of fliers on cars is going to help you how?

Re:Neat but.. (1)

Tubal-Cain (1289912) | more than 5 years ago | (#26728787)

Some homeless person...is going to help you how?

Another $50 should get you a place and time.

Re:Neat but.. (1)

moderatorrater (1095745) | more than 5 years ago | (#26728075)

It'll lead you to someone who got paid a little money to do it but has no idea who the actual person who paid them is. At the most they'll catch one or two of the people who are actually behind the scheme, the rest will all be people who just wanted a quick job that paid a few bucks.

Re:Neat but.. (1)

Neanderthal Ninny (1153369) | more than 5 years ago | (#26728111)

Correct. With those video cameras they have at most shopping places now they can look the video who did and catch them this way. However, this will inspire copycats to do more of this crap at other places so we need to be more wary of things we get from any source, including "official" look parking tickets.
If in doubt go to the place where you shop and talk to them direct about the "ticket" so you can find out if it for real.

Re:Neat but.. (1)

agnosticanarch (105861) | more than 5 years ago | (#26728207)

Except that the guy you catch was probably paid cash (or a crack rock) by "some other guy" to put those on cars. I know that if _I_ were doing that, I wouldn't be the one with the paper in hand on the street... Just sayin'.

~AA

Re:Neat but.. (0)

Anonymous Coward | more than 5 years ago | (#26728387)

As clever as this is it seems like catching the person or persons putting these on wind shields would be simple enough.

He's probably just some schmuck paid a couple bucks in cash to put fliers on windshields.

But, we could waterboard him until he gives up the ringleaders.

Easy way to not have it be a problem (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26728553)

Use a Mac. I never have to worry about new and directed attacks like this with OS X. The only way this could affect a Mac user is if they go to a website, and run a downloaded executable as root... something no legit parking ticket site would do.

Re:Easy way to not have it be a problem (3, Insightful)

zonky (1153039) | more than 5 years ago | (#26728867)

Something a user would certainly do, if they were told they needed to install a plugin to find their ticket, regardless of platform. This is a human problem, not a O/S security model problem.

Re:Neat but.. (1)

dmomo (256005) | more than 5 years ago | (#26728749)

Agreed. Of course, the next step will be for the malware creator to obscure themselves from the "flier" person. Easy enough, I suppose. Malware provider pays via paypal and has an anonymous scout verifying that the "flier person" is actually doing their job. The person putting the fliers may not even know that what they are doing is bad.

Re:Neat but.. (1)

hayesk (561264) | more than 5 years ago | (#26728835)

Unfortunately, you're more likely to catch a kid that was paid $5 by someone to do the entire parking lot. The real guy is home at his computer.

Re:Neat but.. (1)

TrippTDF (513419) | more than 5 years ago | (#26728845)

This seems like more of a kids prank, really. Unless you have a network of people around the country / world doing the same thing, you're only going to effect a very small number of people. You can't do this to build a botnet, which seems to be the goal of most virus writers these days.

Clever idea... (4, Insightful)

O('_')O_Bush (1162487) | more than 5 years ago | (#26727683)

but I can't seriously imagine this being a widespread problem.

Maybe a few people in a town would end up affected, but the cost in time/effort required to trap victims is impractical considering what a simple email can do.

Re:Clever idea... (4, Insightful)

IamGarageGuy 2 (687655) | more than 5 years ago | (#26727757)

Maybe this is supposed to be a local infection by design. Maybe to attack a local business or gov. office. Anybody have any ideas of how a local ip could be used to attack something?

Re:Clever idea... (1)

MWDrexel (1367787) | more than 5 years ago | (#26727915)

Or a specific individual?

Re:Clever idea... (4, Interesting)

SatanicPuppy (611928) | more than 5 years ago | (#26727975)

Depends on where you target your fliers. Put 'em around city hall, and you may be able to get some schmuck to compromise their internal network. Or a bank, or a big company, etc, etc.

That would be the big advantage of being able to geographically target your scam.

Re:Clever idea... (5, Interesting)

Zerth (26112) | more than 5 years ago | (#26728097)

Sure, some security testing firms have already added "leave trojaned USB sticks in the parking lot" to their list of tests.

Slap these on cars before lunch, everyone who goes out to lunch will probably check the url when they get back on their work computer.

A clever way to pen-test a client (0)

Anonymous Coward | more than 5 years ago | (#26728119)

It would be a clever method of pen-testing a local client.

Re:Clever idea... (1)

Hyppy (74366) | more than 5 years ago | (#26728383)

Get enough local IPs, and you could mount an extremely effective DDOS attack over underutilized peering lines between the local ISPs.

Re:Clever idea... (0)

Anonymous Coward | more than 5 years ago | (#26728575)

Yes! Using the local IP of 127.0.0.1 (very very local) you can do tremendous damage! Be careful!

Re:Clever idea... (1)

Sleepy (4551) | more than 5 years ago | (#26728609)

>Anybody have any ideas of how a local ip could be used to attack something?

Well, if you want to make ad money you would change the "DNS server" field on the gateweay router. Most clueless router installs use default admin passwords. Then all your LAN PC's would be using the alternate DNS servers...

You could also troll the inside RFC1918 netspace, and scp random documents found on a fileserver that grants "guest" logins.

Re:Clever idea... (2, Interesting)

John Hasler (414242) | more than 5 years ago | (#26727799)

Depends on how many people actually pay the fine.

Re:Clever idea... (2, Interesting)

Zerth (26112) | more than 5 years ago | (#26727847)

Ah, but have you ever seen those 5 cent plastic signs advertising DatingIn.com? Somebody local to you nails/stakes those(and probably all those other signs) and they do it for stupid cheap.

Ad agencies realized people will put those up for a pittance if you didn't care where they went, just wherever someone was already going for work/shopping/etc. And those things are everywhere.

Heaven help us if they were to get the idea to give the homeless a bottle of rotgut and a pad of these malware tickets. It'd be like covering your car with post-its.

Re:Clever idea... (1)

Anonymous Monkey (795756) | more than 5 years ago | (#26727973)

I think with the right labor pool and right area this could very troublesome. Get homeless people to do the leg work, and target major metropolitan areas like New York, San Francisco, and LA. Also if you have a few rootkits waiting on the other side of the URL you could propagate to Linux and Mac machines as well.

Re:Clever idea... (1)

GravityStar (1209738) | more than 5 years ago | (#26728631)

Odd. Why haven't those ad agencies not been sued? Or just plain and simple fined? I would never get away with anything like that here. (Europe)

A virus I'd actually fall for (4, Insightful)

pwnies (1034518) | more than 5 years ago | (#26727689)

What scares me most is that this style of distribution is something I'd actually fall for. I mean, pop ups and stuff are easy enough to ignore, but what about local flies for bands, business cards, and these tickets? Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.

Re:A virus I'd actually fall for (5, Funny)

zappepcs (820751) | more than 5 years ago | (#26727773)

welcome to the world of personal computing! Now that you've made the decision to dedicate at least some part of your life to staring at a screen and tapping on a keyboard, you should know that we (The Internets) have been working hard to make your computing experience as exciting as possible.

Everyday you will have to learn more and more about computing just to keep up with trends, and if that isn't enough, we have some software coders that want to play a game with you. It's called "Show me your password and finance details" and is such an exciting game you will soon forget all about Zelda. Never mind looking for the hidden doors or avoiding poisonous frogs. In this game, every key you touch could be the one that causes you to lose.

We also have many other options to fill your time. We're glad you are here, enjoy computing in the Internets.

Sincerely,

I.M. Rogue

Re:A virus I'd actually fall for (2, Insightful)

morgan_greywolf (835522) | more than 5 years ago | (#26727813)

What scares me most is that this style of distribution is something I'd actually fall for.

How so? Anytime I get a prompt to install anything from a website I'm not expecting, especially on Windows, I tell it no. Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.

You're missing the point. (1)

IANAAC (692242) | more than 5 years ago | (#26728329)

Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.

Most people have by now been taught to no click willy-nilly on the screen, but people get fliers and other handouts with URLS on them all the time. We've been conditioned that to be sure you are going to the sight you really intend to go to, you have to manually enter the full URL.

Re:You're missing the point. (1)

morgan_greywolf (835522) | more than 5 years ago | (#26728455)

And? Again, just because there is a URL on the flier doesn't mean I'm going to install software from the website the URL points to.

Re:You're missing the point. (1)

Firehed (942385) | more than 5 years ago | (#26728679)

True, but you're also a Slashdot user. Many people will be much more inclined to trust a site relayed to them offline, especially when it comes from a source that appears authoritative (such as mimicking a parking ticket, as TFS describes). You and I might call up City Hall and ask WTF is going on, but I'd bet that 95% or more of people that receive these fliers and hit the URL would get rooted.

Re:A virus I'd actually fall for (0)

Anonymous Coward | more than 5 years ago | (#26728361)

What scares me most is that this style of distribution is something I'd actually fall for.

How so? Anytime I get a prompt to install anything from a website I'm not expecting, especially on Windows, I tell it no. Just because something is printed on a flier doesn't mean it's any more trustworthy than some random site you found through googling.

Sadly you are in a minority.

This is a clever if limited ruse. I'm sure varaints will crop up time and time again though.

Re:A virus I'd actually fall for (5, Interesting)

Guiness17 (606444) | more than 5 years ago | (#26727855)

Agreed, I could've fallen for this myself. I got a ticket about a year ago in a city I didn't live in, and lo and behold, it had a website on it for paying online. Ticket looked official, but on second thought, I couldn't be sure, having never seen one from that city before. I blindly typed in the URL... I'd like to believe I would have picked off a phishing scam, but still, I took the first step.

Re:A virus I'd actually fall for (1)

RiotingPacifist (1228016) | more than 5 years ago | (#26727879)

erm if a band/buisness/etc need me to install an EXE im not using it. there are plenty of safe mediums to exchange with unkown people, mp3, pdf/image formats. while these attacks are more devious it still fails to computer literate common sense, "why would i need to install something to..."

Re:A virus I'd actually fall for (5, Insightful)

Hyppy (74366) | more than 5 years ago | (#26728441)

it still fails to computer literate common sense, "why would i need to install something to..."

Flash. Silverlight. Java. Adobe Reader. Windows Update controls.

People are getting used to installing applications to interact with "trusted" parties.

I wouldn't. (1)

SanityInAnarchy (655584) | more than 5 years ago | (#26727919)

What makes it slightly scary is that it claims to be a parking violation.

However, I would likely make a very loud noise about being required to not only have Internet, but also a specific browser and a specific operating system, and having to download their software.

For unemployment, at least here, the entire thing is done over the Internet. However, the website pretty much works in any browser (though the layout was slightly off in Konqueror), and if you don't have Internet (or a computer), you walk to the unemployment office, they sit you down at one of their computers, and you do it there.

For a parking violation to be so unaccessible has got to be violating some regulation somewhere.

Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.

Also goes to show how a little paranoia goes a long way.

Re:A virus I'd actually fall for (0)

Anonymous Coward | more than 5 years ago | (#26728017)

Using noscript would be a fairly easy solution to completely stop this in its tracks.

Re:A virus I'd actually fall for (1)

sexconker (1179573) | more than 5 years ago | (#26728279)

Just don't go to www.17shittyemoband.com, just like you don't go to 54makethemoney.com when the tv tells you to.

Re:A virus I'd actually fall for (1)

pentalive (449155) | more than 5 years ago | (#26728409)

Easy..

1) if it is not a parking ticket - Ignore it. I don't do business with that sort of business.

2) if it is a parking ticket. Don't go to the site, go to the most logical traffic court - take a day off from work. If it's real you can pay your fine or whatever. If it's not - hey at least you get a day off from work.

Re:A virus I'd actually fall for (1)

MobyDisk (75490) | more than 5 years ago | (#26728483)

Is there a reason someone would download ActiveX controls from the government? I think I'd rather download one from goatse than from anything ending in .gov of .us.

Re:A virus I'd actually fall for (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26728517)

Just goes to show that no matter how much protection you have on the tech side, there's always a social engineering way around it.

True, but the better your protections on the tech side, the harder they have to work at social engineering and the less widespread and effective it will be. There is plenty of room on the tech side for technologies to mitigate trojans.

You might not fall for it... (1)

rewt66 (738525) | more than 5 years ago | (#26728539)

... because the domain probably didn't end in .gov It's supposed to be a parking ticket, right? But http://www.some.plausible.domain.name.com/ [name.com] should be a red flag, just because of the .com

Re:A virus I'd actually fall for (1)

JaredOfEuropa (526365) | more than 5 years ago | (#26728677)

Exactly. Recently scammers and spammers have achieved a step change in their approach, which greatly increases the danger they pose even to alert citizens:

They have learnt how to spell.

Be afraid...

That is pretty clever... (4, Interesting)

damn_registrars (1103043) | more than 5 years ago | (#26727721)

After all, do you know what a parking ticket looks like in your city, to be able to distinguish between a real one and a fake? I would suspect that most people who recognize the real thing either wouldn't bother to try to contest one, or don't do anything about them anyways. But for the larger portion of a city's population who has not been ticketed, they could well have a hard time telling a fake from the real thing.

And then you add in people who are from out of town, who would much rather not have to go back to your city to deal with a ticket...

Re:That is pretty clever... (4, Funny)

pwnies (1034518) | more than 5 years ago | (#26727795)

do you know what a parking ticket looks like in your city

Only one way to find out. Lemme borrow your keys.

Re:That is pretty clever... (1)

morgan_greywolf (835522) | more than 5 years ago | (#26727877)

Easy. Real parking tickets will have a phone number on them that will lead to a clerk's desk in the local courthouse. This usually can be verified by checking against the phone book. Calling the clerk to verify the details of your ticket is always a good idea anyway, regardless of the potential for fakes.

Re:That is pretty clever... (3, Interesting)

pluther (647209) | more than 5 years ago | (#26728079)

Not always.
In Eugene, Oregon, for instance, much of the parking is contracted out to a company called Diamond, which has the authority to issue tickets.
These tickets have no phone numbers on them, though they do include an address to mail your payment to.
There seems to be no way of contesting the tickets, either, which was annoying a while back when I got a ticket about a minute before the time had expired.

Re:That is pretty clever... (1)

Hyppy (74366) | more than 5 years ago | (#26728509)

"Good ideas" like that are rarely if ever put into practice. If I were doing something like this, I'd just put the county clerk's phone number on there anyway. I'd put money down that ess than 5% of the recipients would actually call.

Re:That is pretty clever... (1)

z80kid (711852) | more than 5 years ago | (#26728133)

Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.

Re:That is pretty clever... (4, Insightful)

damn_registrars (1103043) | more than 5 years ago | (#26728349)

Accidentally modded redundant instead of insightful. Sorry. Posting to kill moderation.

Isn't this awesome new moderation system such a great part of this fantastic new layout? Nobody liked the "confirm" button from the previous system, right?

Re:That is pretty clever... (1)

Esc7 (996317) | more than 5 years ago | (#26728735)

Ah crap I modded you redundant instead of insightful too!

New Slashdot layout (1)

Valdrax (32670) | more than 5 years ago | (#26728795)

Isn't this awesome new moderation system such a great part of this fantastic new layout?

That is exactly the reason I turned it off. Slashdot's interface is becoming all flash and no function.

Who reads those things anyway? (5, Informative)

jandrese (485) | more than 5 years ago | (#26727765)

I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
1. You are parked legally
2. Everybody else has these "tickets"

And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html [qlmbix.ch]

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

Re:Who reads those things anyway? (3, Insightful)

RiotingPacifist (1228016) | more than 5 years ago | (#26727891)

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a good infection rate.

*fixed*

Re:Who reads those things anyway? (3, Insightful)

Billhead (842510) | more than 5 years ago | (#26727899)

And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html [qlmbix.ch]

How is the average person supposed to know that a suspicious address? For all they know it could be some sort of acronym, and would the average Joe actually notice that the alleged government site doesn't have a .gov TLD?

Re:Who reads those things anyway? (1)

Hyppy (74366) | more than 5 years ago | (#26728557)

Agreed. Also, many government entities don't reside in the .gov tld anyway.

www.ocpafl.org is a good example. That's not exactly an easy one to decipher unless you work with that office regularly.

Re:Who reads those things anyway? (1)

CannonballHead (842625) | more than 5 years ago | (#26727911)

if you look around and notice two things:

Depending on who you are, that's a big if.

Re:Who reads those things anyway? (4, Interesting)

pavon (30274) | more than 5 years ago | (#26727933)

1. You are parked legally
2. Everybody else has these "tickets"

I've gotten tickets when I was parked legally and successfully contested them. All the other cars on the block were also incorrectly ticketed at the same time - apparently a cop misunderstood the parking rules, or didn't know how to operate a watch.

Furthermore, given the city's trend of contracting out ticking, the fact that the URL pointed to some third party website and not a subdomain of the city or county sites wouldn't have set off any red flags either (although one hosted in the Czech Republic would :). The red-light tickets we get in the mail today directs you to the website of the contracted company and not to the city website.

Re:Who reads those things anyway? (1)

natebarney (987940) | more than 5 years ago | (#26728315)

although one hosted in the Czech Republic would :)

.ch is Switzerland's TLD.
</nitpick>

Re:Who reads those things anyway? (1)

ericspinder (146776) | more than 5 years ago | (#26727935)

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

Or just too wrapped up in their own lives to notice other cars. Sure most would know that they aren't parked illegally, but then they'd be even more interested in getting to the website. Hell in some cities, one wouldn't even have to look hard for people parked illegally, as often double parking is the norm. Other towns have confusing rules about where and when one can park. Personally, I could see this as being a very effective attack, in particular if one wants to target a specific individual or small group.

Re:Who reads those things anyway? (1)

kannibal_klown (531544) | more than 5 years ago | (#26727939)

I can't imagine there are a large number of people who are not only going to read the flyer, but take it home and remember to get on their computer and type in a URL from it. The "parking ticket" gambit seems pretty weak too if you look around and notice two things:

1. You are parked legally

2. Everybody else has these "tickets"

And that's before you notice that your local government is using a website like: http://qlmbix.ch/parkingticets.html [qlmbix.ch]

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

I'll admit, the parking ticket might catch me enough to get to the site if the URL was realistic enough. Something ending in a foreign domain or some completely "out there" URL would set off my flags right away, but a good enough parking ticket scam might nail me at first.

But the instant I'd have to install something I'd stop what I was doing. I wouldn't care if the domain ended in .gov, I am very particular about what goes onto my PCs. I'd immediately look for alternative routes like the city's or county's official website and/or phone number.

As for parking, if you parked at a meter then maybe you could think that the cop misread the thing and issued it by mistake. My friend was given a parking ticket at his company's campus in error, and he had to argue with them over it. I'd imagine people think mistakes happen.

Re:Who reads those things anyway? (2, Insightful)

Culture20 (968837) | more than 5 years ago | (#26727963)

The "parking ticket" gambit seems pretty weak too if you look around and notice two things:
1. You are parked legally
2. Everybody else has these "tickets"

1. All the more reason you'd want to contest it
2. Maybe the people leaving the tickets are instructed to ticket only 1/10 cars down a street? Even if not, I see people getting tickets all in a row quite often. Metermaids cut wide swaths with their pens.

That's how you make money on these things (2, Insightful)

hellfire (86129) | more than 5 years ago | (#26727997)

I mean for this infection to work, the victim has to be not only stupid, but also not lazy. It has to have a low infection rate.

We have an abundance of uneducated people in the US, specifically those who don't know or understand the dangers of the internet. Also, a low infection rate is all it takes to get some return on investment.

To top it all off, Americans are first and foremost a scared people, especially of our own government and of forces outside our borders. Heaven forbid you piss off the government by not paying a parking ticket! You might lose your constitutional rights! Maybe they'll stop protecting you?!?!?! Maybe your a teenager who doesn't want your parents to find out?

Somehow these scams pay off and they only need a few suckers. And a new sucker is born every minute. Why do you think the "three cards, find the ace" scam still works in the alleyways and slums? It's one of the oldest scams in the book and those who are not educated don't know how it works and are easily manipulated.

Re:Who reads those things anyway? (1)

SatanicPuppy (611928) | more than 5 years ago | (#26728039)

If you target a big company or something, all you need is one person to be stupid, and that's not just probable, it's certain. That's why this stuff works.

The person may very well know they're legally parked, and so they'll take the logical next step: they'll contact the issuing body to complain, and look, they left the address of their handy website! And, look, they have a photo app, so I can see what bastard got a ticket, then stuck it on my car!

It's clever.

Re:Who reads those things anyway? (1)

sjames (1099) | more than 5 years ago | (#26728173)

Cops handing out bogus tickets is all too believable in some cities and towns, particularly the cash strapped ones.

Re:Who reads those things anyway? (1)

Qzukk (229616) | more than 5 years ago | (#26728941)

1. You are parked legally

If you read the SANS article, the fake site apparently has a photo of the ticket recipient's car.

The example car is taking up two parking spaces.

Maybe everyone gets the same photo, but I suspect that the person who did this found a new way to take their frustration out on idiots who can't figure out how to operate their vehicle, rather than the tried and true method of parking against their doors so they can't get back in.

Some should rip in to the fake person giving out t (2, Informative)

Joe The Dragon (967727) | more than 5 years ago | (#26727779)

Some should rip in to the fake person giving out the tickets like people do to the real meter maids as you see do on A&E parking wars. And if they are not real say I'm calling the cops as I don't think they will like to have people giving out fake tickets.

Re:Some should rip in to the fake person giving ou (5, Funny)

Crashspeeder (1468723) | more than 5 years ago | (#26728203)

Some should rip in to the fake person giving out the tickets

How do you catch a fake person? Fake traps?

More important than a face on the criminal (2, Funny)

erroneus (253617) | more than 5 years ago | (#26727789)

There is also a neck we can hang them from... someone police can pursue and arrest, more direct money to follow... leads.

I really want to see some terrible, nearly unimaginable things happen to these people. Some people feel this way about drug pushers. Others feel this way about child molesters. For me, it is malware. Oh I think of the children too, but frankly, a lot can be done in the way of prevention if only most parents paid attention to their own children that would address a good portion of the child molestation thing and as drugs go... well, once again, people don't get hooked on drugs unless they had some other problems that precipitated it first. If they were raised well, odds are better that they'd not be a drug addict.

Re:More important than a face on the criminal (1)

Crashspeeder (1468723) | more than 5 years ago | (#26728089)

I can understand your hatred for this dishonest way of life but I completely disagree with your child molestation and drug views.

Children are most likely to be molested by somebody close to the family. Possibly a family member or boyfriend/girlfriend of the parent, not some random person off the street. As for drugs, having shit happen to you is no excuse. People use because they want to use and like the feeling. That's what it boils down to. Some people have addictive personalities plain and simple and are more likely to give into the peer pressure to try said drugs.

I have a friend that's done cocaine before and it left him afraid of ever doing it again because of how addicting it was. There's nothing wrong with experimentation if you're physically and mentally strong enough to ONLY experiment and not fall victim.

Back to the malware though, social engineering has been around since humans started keeping secrets. It'll never go away and there's nothing we can do to beat it except wise up. People are dumb and there will always be those that fall for this kind of thing (though a fake ticket even I would likely fall for until I had to install software). Short of windows periodically wiping itself and starting fresh I don't think we can stop zombie computers and malware/viruses.

Re:More important than a face on the criminal (0)

Anonymous Coward | more than 5 years ago | (#26728839)

In that list of who is likely to molest children, I would redo the ordering. Put parents first as most likely to molest children.

Sad, I know.

Should be pretty easy to stop (2, Interesting)

damn_registrars (1103043) | more than 5 years ago | (#26727807)

If the flier says "go to evilticketcontesting.com", you just need to find who that domain is registered to, and contact the registrar and ISP to have it shut down. This is quick and straightforward, since internet registrars all keep good records of who they sell domains to, and all ISPs respond quickly to requests that are written in plain English. We should have this problem licked in time for dinner.

Oh, wait. Registrar accreditation is handled by these bumbling idiots. And how many ISPs that offer hosting services respond to much of anything?

Omg... (2)

Noxn (1458105) | more than 5 years ago | (#26727831)

Genius!
Now you can get viruses by looking at anything with text on it!

WARNING This virus requires:
-A Computer running Windows
-Human stupidity, but not that much (i would fall for that maybe)

Re:Omg... (1)

Creepy (93888) | more than 5 years ago | (#26728653)

The computer not only needs to be running Windows, but also IE according to the exploit report.

This is hardly the first virus to use that method - I've heard of similar 1-click or no-click infections using flaws in IE (specifically because it is the dominant browser - other browsers have flaws, too).

And from the initial poster, new viruses rarely have signatures right away - it usually takes several days from the initial report before they appear in a definitions file. When my wife popped a malicious e-card last year it installed 29 viruses through a downloader web site. The number of these detected by Trend Micro AV on the day of infection? 5. Fortunately no root kits with that one, and a date scan rooted out the infected files, but I still spent a couple of hours a weekend for a month cleaning the registry and fixing all the files it modified (starting with the more dangerous ones like the http address redirect and safe machines list and other backdoors and then moving to the registry keys, and since I had moved all the files into an infected.zip archive those registry keys were pretty much useless anyway). I submitted several of those viruses to Trend Micro (a few were caught before I had time to fix them but after the first day, and a few I deleted before deciding I really should submit any undiscovered ones).

The weirdest thing just happened to me (5, Funny)

mandark1967 (630856) | more than 5 years ago | (#26727865)

I went out to my car to go to lunch and there was this Nigerian Prince and his entourage standing there and he said he needed my helpto move some cash out of his country for his dead uncle or someone.

You don't even need a Virus or Malware to pull thi (2, Insightful)

Joe The Dragon (967727) | more than 5 years ago | (#26727895)

You don't even need a Virus or Malware to pull this off all you is a pay on link that takes your CC # and that likely will work even on super locked systems.

Re:You don't even need a Virus or Malware to pull (2, Funny)

denstark (979527) | more than 5 years ago | (#26728035)

Holy lack of punctuation, batman!

Ninnle safe from this... (0)

Anonymous Coward | more than 5 years ago | (#26728041)

Ninnle Linux has enhanced security for this sort of thing.

If Microsoft made cars... (1, Funny)

ddusza (775603) | more than 5 years ago | (#26728051)

Ok, this article dredges up the old thread of "If Microsoft made cars" and the barbs cast back and forth about it. Makes me wonder, if the car was made by Microsoft, would the car get the virus directly from the malware flyer?

Bad idea (2, Funny)

gmuslera (3436) | more than 5 years ago | (#26728149)

Only works locally, a parking cam can catch the real culprit (think in catching the originator of most of the spam/malware that goes thru email), and is somewhat shortlived (by the time most of the ones that got the ticket went to internet the site could have been taking down).

To make it much worse, YOU can catch him and take revenge of every spam/malware/spyware/virus you received ever. We can get an updated version of witch burning for the XXI century.

Windshield fliers (2, Funny)

Hordeking (1237940) | more than 5 years ago | (#26728309)

Aren't those the little pieces of paper that go under my wipers and always make it rain/snow?

Obligatory Car Analogy (1)

mrclisdue (1321513) | more than 5 years ago | (#26728379)

Ok, for a car analogy:

Let's say my car was a Linux,

then I'd have nothing to worry about.

cheers,

Re:Obligatory Car Analogy (0)

Anonymous Coward | more than 5 years ago | (#26728661)

Unless your wife was missing along with one of your car seats.

Re:Obligatory Car Analogy (1)

Crashspeeder (1468723) | more than 5 years ago | (#26728931)

...I don't see the problem. That sounds like a service you'd otherwise have to pay for.

wow... so cool... (1)

Abuzar (732558) | more than 5 years ago | (#26728527)

Ingenious! Simple and novel, there's a beauty to this scam just in its form. I wonder how effective it is. The workings of outlaw minds can sometimes be very interesting indeed.

Dear fliers-posting malware authors (4, Funny)

Yvan256 (722131) | more than 5 years ago | (#26728611)

I don't have a car, you insensitive clod!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...