Don’t be too quick to believe that the New York State police are charging you with a traffic offence – that email you just opened in your inbox could actually be an attempt to infect your computer.
The team at SophosLabs have been intercepting a malicious spam campaign today which tries to trick the recipient into believing that they were caught speeding.
Here’s what a typical email used in the attack looks like:
Subject: NYC Traffic Ticket [id number]
Message body:
New York State * Department of Motor Vehicles
UNIFORM TRAFFIC TICKETNEW YORK STATE POLICE * POLICE AGENCY
Local Police Code
THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS
Time: 7:18 AM
Date of Offense: 09/12/2011IN VIOLATION OF
NYS V AND T LAW DESCRIPTION OF VIOLATION:
SPEED OVER 55 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM
Of course, if you have your head on straight you might ask yourself how the New York police could possibly have your email address (or at least how they would have connected it to your car). Or you might realise that the message is clearly spam as you weren’t anywhere near New York on the day in question.
But plenty of people won’t have their head on straight, and – in their fluster – might click on the link without thinking. That’s what the cybercriminals are banking on.
Malware authors have used a very similar disguise in the past, tricking users into opening a dangerous attachment.
On this occasion, however, there is no attachment. Instead, a link takes users to a website playing host to the Blackhole exploit kit – within seconds visiting computers can be infected via Adobe Flash and PDF exploits, detected by Sophos products as Troj/SWFExp-AI and Troj/PDFEx-GD.
We’ve certainly seen lots of attacks involving the Blackhole exploit kit lately, including rejected wire transfer notifications and fake Facebook photo tag notifications.
Keep your anti-virus software up-to-date, your operating system and applications patched, and – essentially – your wits about you.
Source: http://nakedsecurity.sophos.com/2012/07/25/nyc-traffic-ticket-spam-is-really-blackhole-malware-attack/