The Latest in IT Security

“UNIFORM TRAFFIC TICKET” Not from New York State Police

12
Jul
2011

The first thing that most computer users do in the morning is to check their email. So recently just as usual I too checked my Inbox and spam folder. However there was one email [Figure 1] in my Spam folder that got my attention. It seemed suspicious and I did not want to fall into a trap so I carefully reviewed it. This blog details my findings.

The email is disguised as a "Traffic Ticket" from New York State Police; it claims that I have been charged with speeding violation. The email body recommends that if I want to plead, I need to print out the attached file and send it to Town Court, Chatam Hall. The attached file is not a traffic ticket but in fact it is a malware. I know that my local road traffic agency will never email any infringement, but would have mailed it via post instead.

Obviously, this email is just one of the few new social engineering tricks that cyber criminals are employing these days to attack unsuspecting users, simple yet quite effective.

                                                                        [Figure 1 – Fake Traffic Ticket Email]

Distinctive Spam Email Characteristics

The email contains the Subject: UNIFORM TRAFFIC TICKET #7046

The email contains the Body:

————————————————————————————————————————————————————–

                                                    New York State – Department of Motor Vehicles
                                                                        UNIFORM TRAFFIC TICKET
                                                                                                                                                                                    POLICE AGENCY
   NEW YORK STATE POLICE
   Local Police Code

                                           THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

   Time                    Date of Offense                                                IN VIOLATION OF
   7:25 AM              07/02/2011                                                        NYS V AND T LAW
    
   Description of Violation
   SPEED OVER 55 ZONE
   TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117

————————————————————————————————————————————————————–

File Attachment: Ticket.zip

The file Ticket.zip contains a file ticket.exe which CA detects as Win32/Chepvil.CT.

If the file ticket.exe was executed, it will connect to awydhuyrf.ru to download and execute the file pusk.exe which is a variant of Win32/FraudWindowsXPFix.

Win32/FraudWindowsXPFix is a rogue security application that can display fake error message concerning your Hard Drive and scaring the user to purchase the full version of it. [Figure 2-4]

                                                            

                                                    [Figure 2 – Win32/FraudWindowsXPFix Fake Error Message]

                                                      

                                                    [Figure 3 – Win32/FraudWindowsXPFix Fake Error Message]

                        

                                                    [Figure 4 – Win32/FraudWindowsXPFix Fake Error Message]

                                                         [Figure 5 – Win32/FraudWindowsXPFix GUI]

After the fake scanning, it will report that there are numerous critical errors in your hard drive [Figure 6] and after trying to repair the errors, it will report that it failed to fix the critical errors [Figure 7].

                                                         [Figure 6 – Win32/FraudWindowsXPFix GUI]

                                                         [Figure 7 – Win32/FraudWindowsXPFix GUI]

Win32/FraudWindowsXPFix will also make certain files and folder hidden to convince the user that there is something really wrong on the user’s computer and it will continuously display fake warning messages.

Again, we advise users to beware of these kinds of emails, avoid executing attachments coming from unsolicited emails and ensure that your CA Security Products are updated with the latest signatures.

Related blog entries:

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments