Malware-Laced Traffic Ticket Spam Coming to an Email Inbox Near You

Speed Camera WarningDon’t be fooled by any spam emails claiming that you’ve been busted for speeding.

Cybercriminals are giving traffic ticket spam another go, which means you will have the option to click on a malicious link or download an attached file laced with malware. It all depends on which spam message you get.

Regardless of the delivery method, the goal is still the same: infect as many computers as possible.

Below are examples of the traffic ticket themed emails currently making rounds, courtesy of computer security firms Webroot and Sophos.

NYC Traffic Ticket Spam Makes a Comeback

First up, the sample traffic ticket intercepted by Sophos:

Subject: NYC Traffic Ticket N(ID:  XXXXXXXXXXX)

New York State * Department of Motor Vehicles
UNIFORM TRAFFIC TICKET

NEW YORK STATE POLICE * POLICE AGENCY

Local Police Code

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:18 AM
Date of Offense: 9/12/2011

IN VIOLATION OF
NYS V AND T LAW Description of Violation:
SPEED OVER 55 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM

If the email seems familiar, it’s because it’s almost identical to the New York Traffic Ticket spam I wrote about in October 2011. The only real difference here is that the payload is delivered through a malicious link pointing to a site housing the Blackhole exploit kit versus a file attachment.

Upon visit, the exploit pack will attempt to exploit vulnerabilities within Adobe Flash or PDF to install malware on the target’s machine.  Sophos detects the threats associated with this attack as Troj/SWFExp-AI and Troj/PDFEx-GD.

Speeding Violation Spam Claims to Have Video Evidence

The traffic ticket spam email provided by Webroot was new to me. Instead of simply saying you had a ticket, it claimed to have video evidence that you had broken the law! Clever move, spammers.

Traffic police violation center.

Hello, your vehicle has been identified on Friar’s Way as violating the red light traffic signal on [RANDOM DATE]. Please find the camera recording of your vehicle attached to this notification.

You can comply with this Violation notification as follows: Pay the sanction and surcharge, indicate you are not the driver, or contest responsibility.

Sun, 15 Jul 2012 15:04:04 +0400

Now, I’m sure most of us would want to see this alleged “proof,” but hold on just a second… did you see the name of the attached file (click to see the VirusTotal report, the file name is at the top)? It’s clearly not a police video.

Nope, it’s just the Gamarue.I worm, which is often the malware of choice attached to spam – just check a few other posts on our blog.

Don’t fall for any of these spam tricks, folks. If you really were busted for a traffic violation, any follow-up correspondence is likely to arrive via good ol’ snail mail. Think about it: when exactly did you disclose your email address to the authorities?

It’d still be a good idea to keep your OS up-to-date and run antivirus just in case you have a brief lapse in judgment. ;)

Photo Credit: amandabhslater

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

This entry was posted in Computer Security, malware, phishing, spam and tagged , , , , , , .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5