Friday, February 6, 2009

Parking Tickets and Social Engineering


(not the actual ticket - Creative Commons attribution licensed image courtesy singsing_sky)

Lenny Zeltser of the ISC reports that he recently investigated malware that was spread after victims visited a URL that was included on a parking violation flyer on their car. The BBC picked up the story, meaning copycats are far more likely as this hits major news media. Make sure you check out Lenny's article, as his malware analysis is always worth a read.

The bigger question is if we'll see more of this - I suspect yes. We've seen penetration testers use "lost" thumbdrives in parking lots to get into secure networks and the US military has banned thumb drives on some of their networks due to possible threats.. Now we've gone to the next level and rely on users typing in a URL to compromise their own machines. This would be particularly easy on college campuses or other venues during game days or other events, when many people receive parking tickets because they are unfamiliar with the parking rules, or may have parked in the wrong location.

The best technical fix for organizations is likely a combination of border URL filtering (or DNS blackholing), a good centrally managed AV solution, and strong host level anti-malware software. I've seen a lot of good results with Malwarebytes recently, particularly when removing trojans that the major AV companies miss or are unable to properly clean, and that's what I will be recommending to end users.

No comments: