Upon finding the traffic violation tickets on their windscreen, drivers in Grand Rapids, North Dakota, were instructed to visit a website where they could search for photographic proof of their bad parking.
The ticket read: ‘PARKING VIOLATION: This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]’.
While searching for their own cars, users would be presented with pictures of badly-parked vehicles in car parks, which had been under the ‘Photoshop’ knife to remove registration plate details.
The user would then be tricked into downloading an executable ‘toolbar’ containing a Trojan.
“Attackers continue to come up with creative ways of tricking potential victims into installing malicious software,” wrote Lenny Zeltser, anti-virus analyst at the SANS Institute. “Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often.”