Tech & Biz

Fake Parking Tickets Lead to Malware

by Jordan Yerman | February 4, 2009 at 12:37 pm

164 views | 14 Recommendations | 3 comments

Two things we hate: parking tickets and malware. Some punks came up with a novel method of spreading the latter via the former: fake parking tickets that direct the victim to a malware download.

Be safe: cops don't ask you to download anything new in order to deal with parking tickets; certainly not a toolbar for Internet Explorer.. It can all be done through the mail, and verify everything over the phone if you have any questions.

The yellow tickets found on the cars in Grand Forks, North Dakota, read: "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to" and gave a Web site, according to a blog posting on the SANS Internet Storm Center site.

The site referenced shows photos of cars in parking lots in that town and prompts the visitor to download a toolbar to see purported photos of the ticketed car. Downloading the executable installs a Trojan and displays a fake security alert when the system is rebooted. The fake alert prompts the computer user to install a fake anti-virus scanner, SANS said.

Installing PictureSearchToolbar.exe led to DNS queries for childhe.com, a domain with a bad reputation according to Symantec, McAfee, etc. Even without the Internet connection, the program installed (extracted) a DLL into C:\WINDOWS\system32. The name was random, such as tuvwwUlj.dll and iifdbCVn.dll. The MD5 of the DLL was 5f7e6f158592f0a5036d79cc63388d29.

The trojan is called Vundo, as in, "It's no vundo deal with malware".

0 See all footage | View Slideshow

Share: email story | add to any | | facebook | stumbleupon