Cyren Security Blog

Twice as bad: speeding ticket with attached malware

Nobody likes receiving a traffic ticket, but one with attached malware is a lot worse. We could get into a philosophical argument about which is truly more terrible – a traffic ticket that adds points to your license and raises your insurance rates, or malware that infiltrates your PC, insinuating itself into your most private contents and passwords. In the end they both come down to money and hassle, although at least the traffic ticket is for the good of society (you really shouldn’t be driving that fast – it’s dangerous and uses more gasoline, which is bad for the environment). However, in this case there is no actual ticket; it’s just a ploy to get recipients to open the email message and click on the attachment.

On October 6, Commtouch Labs started identifying a massive blast of email messages similar to the one shown here, each of which appears to have a PDF traffic ticket attached. The colors and fonts vary among the messages, but the overall content is the same – you were caught by the New York State Police (even if you were nowhere near New York at the time). This outbreak is a continuation of the vast waves of malware outbreaks that began in early August, with themes like UPS/Fedex, “Map of Love,” hotel charge error, NACHA payments, etc.

If you look closely at the attachment, a trained eye can fairly easily make out that it is NOT a PDF; it is an executable file with a PDF icon (sneaky sneaky). And if you go so far as to analyze the attachment (or take a quick look on the handy site VirusTotal), you will see that the attached .exe file masquerading as a PDF is actually a nasty Trojan.
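The mismatch described above, an executable presented as a PDF, can be checked automatically by comparing what an attachment claims to be with its leading bytes. The following Python is an added example, not code from the original post or from Commtouch/Cyren; the file names, the sample message and the extension list are constructed assumptions.

```python
# Added example: flag attachments that claim to be PDF but are Windows executables.
from email import message_from_bytes, policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"        # DOS/PE header at offset 0
PDF_MAGIC = b"%PDF-"    # PDF header
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed list, extend as needed

def classify(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring name and MIME type."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if PDF_MAGIC in data[:1024]:  # readers tolerate some junk before the header
        return "pdf"
    return "unknown"

def suspicious_attachments(raw: bytes):
    """Return (filename, reasons) for each attachment that looks disguised."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lower = name.lower()
        data = part.get_payload(decode=True) or b""
        kind = classify(data)
        claims_pdf = part.get_content_type() == "application/pdf" or ".pdf" in lower
        reasons = []
        if kind == "pe":
            reasons.append("content is a Windows executable (MZ header)")
        if lower.endswith(EXEC_EXTS):
            reasons.append("executable file extension")
        if claims_pdf and kind != "pdf":
            reasons.append("claims PDF but content is not PDF")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: a harmless MZ-prefixed stub and a minimal PDF."""
    m = EmailMessage()
    m.set_content("See enclosed ticket.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="Ticket.pdf.exe")
    m.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                     subtype="pdf", filename="receipt.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

The icon a user sees comes from resources embedded in the executable, so only the extension and the file header reveal the real type; the check therefore ignores anything the sender controls about presentation.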

As usual, drive carefully, wear your seat belt, and stay aware when you open unexpected attachments, especially if you know for a fact you haven’t been speeding recently in New York.

Email text:

UNIFORM TRAFFIC TICKET (ID:90369296),


POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code 3618

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 07/02/2011
IN VIOLATION OF NYS V AND T LAW


2369 Description of Violation

SPEED OVER 55 ZONE

TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117
