Friday 12 August 2011

'Uniform Traffic Ticket' Malware Email

Outline
Email claiming to be a notification of a traffic ticket for speeding from the New York State Police urges the recipient to print out the ticket contained in an attached file and post it to the Town Court.

Brief Analysis
The message is not from police and the attachment does not contain a speeding ticket. The attachment contains malware.


 Detailed analysis and references below example.

Last updated: 6th July 2011
First published: 6th July 2011
Article written by Tasawer Abbas


Example
From: Police agency
Subject: UNIFORM TRAFFIC TICKET

New York State - Department of Motor Vehicles
UNIFORM TRAFFIC TICKET
NEW YORK STATE POLICE

Local Police Code

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 07/02/2011


IN VIOLATION OF
NYS V AND T LAW Description of Violation:
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117


Email includes an attached file named "Ticket.zip"



Detailed Analysis
This email, which purports to be from the New York State Police, claims that the recipient has been charged with speeding in violation of New York State law. The message advises recipients wishing to plead the case to print out a traffic ticket contained in an attached file and mail it to the Town Court at Chatam Hall.


However, the message is certainly not from New York State Police and the attachment does not contain a speeding ticket. In fact, the attachment contains a trojan that, if opened, can install itself on the user's computer. Typically, such trojans are able to contact a remote server and download further malware that can steal information from the infected computer and allow criminals to control it from afar.


In this case, the criminals responsible for the malware emails obviously hope that their message will panic people into opening the attachment without due care and attention. A great many of the people who receive one of these widely distributed emails will not have even been in New York on the date specified. Thus, at least some, fearing a major error by the police, are likely to immediately open the attachment with the intention of sending off the supposed ticket and pleading their innocence. Such simple - but often quite effective - social engineering tricks have proved very useful for scammers over many years.


Police departments are very unlikely to notify people of traffic violations via unsolicited emails. This tactic is similar to another current malware campaign in which recipients are instructed to open an attached file in an email purporting to be from the IRS.


Be very cautious of any unsolicited email that claims to be from police or a government department and instructs you to open an attached file or follow a link. Such tactics are commonly used by criminals intent on distributing malware or tricking recipients into divulging personal and financial information via phishing scams.


 
