Computer security: a precursor of more attacks?

[cheesehead]

Folks,

There's another phishing scam a-brewing, and this new clever social-engineering scam may arrive on your car's windshield instead of in e-mail.

"Parking tickets actually malware attacks in disguise"

http://tech.yahoo.com/blogs/null/118488

Quote:

Originally Posted by Christopher Null

The last place anyone would expect to face a computer security attack is on the windshield of their car in the form of a parking ticket.

But that's the latest -- and intensely clever -- way that hackers are attempting to goad people into visiting infected websites and willingly install malware on their machines.

The scam is instantly clever once you hear how it works: Hackers print up phony "PARKING VIOLATION" notices and plaster them on cars parked on the street. The phony ticket directs the car's owner to visit a certain website, and of course the website in question (which largely seems to comprise of photos of badly parked cars) is a hack site which attempts to install malware on your PC.

Essentially what we have here is a phishing attack that takes place in the real world instead of via email. The use of fliers on parked cars is what's truly ingenious: A similar attack sent via postal mail would probably have minimal effect, but people are incredibly protective of their cars, and I imagine these windshield fliers will actually have a pretty good percentage of people typing in the URLs typed on them.

The good news -- for now -- is that the fliers are extremely crude, printed on yellow paper and offering nothing in the way of legal language that would compel a sophisticated and naturally skeptical reader to even visit the website in question. Like the earliest email phishing attacks, this attack may be simplistic, but it's probably a precursor of more advanced attacks to come. When hackers scan in real parking tickets and reprint them, replacing the URL printed there with one for a sophisticated attack site, then the sparks are going to start flying. (Installing malware is boring by comparison... I expect the real attacks will involve collecting money and hijacking credit cards and bank accounts wholesale.)

This appears to be a very limited attack (reported only in Grand Forks, North Dakota) for the time being, but it's a good idea to keep your skepticism handy next time you receive a parking "violation," just in case.

[ewmayer]

I wonder if the same trick works for these as one uses to spot e-mail-based phishing scams: just hover your mouse over the URL on the parking ticket and see if the resulting hovertext-URL matches the one printed on the ticket. Ya think?

[TimSorbet]

Quote:

Originally Posted by ewmayer

I wonder if the same trick works for these as one uses to spot e-mail-based phishing scams: just hover your mouse over the URL on the parking ticket and see if the resulting hovertext-URL matches the one printed on the ticket. Ya think?

Yeah, but it's hard to understand the mouse's squeaks to see if it is the same as the one printed.

[cheesehead]

Quote:

Originally Posted by Mini-Geek

Quote:

Yeah, but it's hard to understand the mouse's squeaks to see if it is the same as the one printed.

After the mouse hover, you have to do a cat scan!

http://todays-joke.blogspot.com/2007/04/cat-scan.html

Botta-boom

[Uncwilly]

Quote:

Originally Posted by cheesehead

After the mouse hover, you have to do a cat scan!

http://todays-joke.blogspot.com/2007/04/cat-scan.html

Botta-boom

Then you have to wait for the lab work to come back.

[ewmayer]

Quote:

Originally Posted by cheesehead

After the mouse hover, you have to do a cat scan!

http://todays-joke.blogspot.com/2007/04/cat-scan.html

Botta-boom

LOL ... but why discriminate against dog lovers - use a PET scan.

Quote:

Originally Posted by Uncwilly

Then you have to wait for the lab work to come back.

There are very few labs that do this sort of forensic mouse-squeak-ology, and they tend to be very secretive ... they are thus usually referred to in the trades as "black labs".

(I know, that was a simply arful joke).