A wave of parking fine spam continues to infect computers in the UK with Zeus, or the Zbot Trojan, seeking to steal confidential information, according to Bitdefender. So far, the security company blocked the Trojan from infecting hundreds of computers.
The ‘reminder notice’ e-mails purporting to be from the UK’s Ministry of Justice started to invade UK inboxes a couple of months ago. The wave registered a spike on May 15 when, in a two-hour period, one out of five samples was a bogus parking fine message.
The fake notices warn Brits they will be extra-charged if they will not pay a £70 or £78 fee. They also threaten their ability to obtain credit in the future could be affected. The e-mails claim to hold “photographic evidence on file to support this claim.”
“Your vehicle was recorded parked on our Clients Private Property driveways on the 15.05.2014 and remained on site for 2 hour 23 min,” fake e-mails read. “A notice was sent to you on 10.04.2014 which gave 28 days to pay full PARKING CHARGE or challenge the issue.”
The downloader poses as a pdf attachment and is detected by Bitdefender as Trojan.GenericKD.1681628. When opened, Form-STD-Vehicle-150514.scr connects to a pharmaceutical web site controlled by the attackers. Such web pages are either legitimate businesses compromised by hackers or web sites especially created to distribute malware.
The file then downloads and executes Trojan.GenericKD.1681983, a Zbot or Zeus variant. Such malware is designed to harvest personal information from infected computers and send it to criminals. Zeus targets details such as passwords, usernames, system information and banking credentials. It may also download further malware and allow cyber-criminals to control the infected computer remotely.
Bitdefender advises users to keep their software and antivirus solution updated. UK citizens should also be cautious when opening attachments or clicking dubious links and may report such e-mails to the UK Action Fraud.
In March this year, the Ministry of Justice warned that parking fine messages are scams “likely to contain a virus” and they were “aware that a large number of people have received a scam ‘REMINDER NOTICE DO NOT IGNORE’ email.”
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on spam samples provided courtesy of Ionut-Daniel RAILEANU, Bitdefender Anti-Spam Researcher and the technical information provided by Doina COSOVAN, Bitdefender Virus Analyst.