Cybercriminals are giving traffic ticket spam another go, which means you will have the option to click on a malicious link or download an attached file laced with malware. It all depends on which spam message you get.
Regardless of the delivery method, the goal is still the same: infect as many computers as possible.
Below are examples of the traffic ticket themed emails currently making the rounds, courtesy of computer security firms Webroot and Sophos.
NYC Traffic Ticket Spam Makes a Comeback
First up, the sample traffic ticket intercepted by Sophos:
Subject: NYC Traffic Ticket N(ID: XXXXXXXXXXX)
New York State * Department of Motor Vehicles
UNIFORM TRAFFIC TICKET
NEW YORK STATE POLICE * POLICE AGENCY
Local Police Code
THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS
Time: 7:18 AM
Date of Offense: 9/12/2011
IN VIOLATION OF
NYS V AND T LAW Description of Violation:
SPEED OVER 55 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM
If the email seems familiar, it’s because it’s almost identical to the New York Traffic Ticket spam I wrote about in October 2011. The only real difference here is that the payload is delivered through a malicious link pointing to a site housing the Blackhole exploit kit rather than through a file attachment.
When the site is visited, the exploit kit will attempt to exploit vulnerabilities in Adobe Flash or PDF to install malware on the target’s machine. Sophos detects the threats associated with this attack as Troj/SWFExp-AI and Troj/PDFEx-GD.
Speeding Violation Spam Claims to Have Video Evidence
The traffic ticket spam email provided by Webroot was new to me. Instead of simply saying you had a ticket, it claimed to have video evidence that you had broken the law! Clever move, spammers.
Traffic police violation center.
Hello, your vehicle has been identified on Friar’s Way as violating the red light traffic signal on [RANDOM DATE]. Please find the camera recording of your vehicle attached to this notification.
You can comply with this Violation notification as follows: Pay the sanction and surcharge, indicate you are not the driver, or contest responsibility.
Sun, 15 Jul 2012 15:04:04 +0400
Now, I’m sure most of us would want to see this alleged “proof,” but hold on just a second… did you see the name of the attached file (click to see the VirusTotal report, the file name is at the top)? It’s clearly not a police video.
Nope, it’s just the Gamarue.I worm, which is often the malware of choice attached to spam – just check a few other posts on our blog.
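The file-name check described above can be automated at a mail gateway or during triage. The following is an added example, not code from Webroot, Sophos or this blog: it flags attachments (and ZIP members) whose name or first bytes indicate a Windows program rather than a video. The ZIP packaging, the file names and the message built by `build_sample` are constructed for illustration; the page does not give the real attachment name.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def check_file(label, name, head):
    """Return the reasons a file name / first bytes look like a program."""
    reasons = []
    if PurePosixPath(name.lower()).suffix in EXECUTABLE_EXTS:
        reasons.append(f"{label}: executable extension")
    if head[:2] == b"MZ":  # DOS/PE header of Windows executables
        reasons.append(f"{label}: content starts with MZ header")
    return reasons

def triage(raw):
    """Check every attachment of a raw message, including ZIP members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings += check_file(name, name, data)
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                label = f"{name} -> {info.filename}"
                if info.flag_bits & 0x1:  # encrypted member: cannot inspect
                    findings.append(f"{label}: password-protected archive member")
                    continue
                with zf.open(info) as member:  # read 2 bytes only, never the whole file
                    findings += check_file(label, info.filename, member.read(2))
    return findings

def build_sample(inner_name="recording.avi.exe", inner_head=b"MZ"):
    """Constructed message: ZIP attachment whose member poses as a video."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_head + b"\x00" * 62)  # inert filler bytes
    msg = EmailMessage()
    msg["Subject"] = "Traffic police violation center."
    msg.set_content("Please find the camera recording of your vehicle attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="camera_recording.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns two findings for the disguised member, while a member that really is named and shaped like a video returns none.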
Don’t fall for any of these spam tricks, folks. If you really were busted for a traffic violation, any follow-up correspondence is likely to arrive via good ol’ snail mail. Think about it: when exactly did you disclose your email address to the authorities?
It’d still be a good idea to keep your OS up-to-date and run antivirus just in case you have a brief lapse in judgment.
Photo Credit: amandabhslater