Hacked – in the parking lot?
Online deviants are taking their trade to the real world. Grand Forks, N.D., to be precise.
Shoppers returning to their cars found fake tickets affixed to their windshields, directing them to a website where they could view details of a parking violation.
Once online, the victims were told to download a "picture search toolbar" to view evidence of their car's infraction. But the file was really a Trojan Horse program that installed hidden malicious software. Later, the scam popped up a message warning of security flaws in the user's system, encouraging them to download a fake anti-virus program.
Thankful for some, both the original file and the subsequent download were already identified on McAfee's security software as malicious.
Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often.
While it does allow them the ability to use their knowledge of the local environment to make their scheme seem more believable, they've also potentially made it easier for law enforcers to track them down. One of the biggest problems in stopping malware campaigns is that the perpetrators are frequently oceans apart from their eventual targets, making it nearly impossible for the cops to chase them down.
But if the law enforcers can instead just sit and wait for the next time someone spots the phony parking tickets and then start retracing the steps back to the attackers, well, you get the idea.