Uniform traffic ticket malware attack widely spammed out

Filed Under: Malware, Spam

Computer users beware! There's a new widely spammed-out malware attack, claiming that you have been fined for speeding in New York City.

The email, which claims to come from the New York State Department of Motor Vehicles, poses as a "Uniform Traffic Ticket" and says that you are charged with speeding at 7:25 AM on the 5th July 2011.

The message concludes that you should print out the attached ticket and send it to the court.

Malicious traffic ticket email

Well, stop right there! Because the attached file (called Ticket-O64-211.zip) contains a malicious Trojan horse, designed to download further malicious code onto your computer and compromise your security.

The truth is that although the email claims to come from an @nyc.gov email address, the details have been forged and the entire attack is designed to trick unsuspecting computer users into opening the attached file.
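The following is an added example, not part of the original article or any Sophos product: a Python check that a mail administrator could run over a raw message to flag the two traits described above, a forged From domain and a ZIP attachment. The sample message is constructed; only the From address, subject and attachment name are taken from this page, and it is assumed that the receiving server records an `Authentication-Results` header.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a capture of the real spam). Return-Path, the
# Authentication-Results values and the recipient are placeholders.
SAMPLE = b"""\
Return-Path: <bounce@mail.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail.example.net
From: "no-reply" <no-reply.9@nyc.gov>
To: user@example.org
Subject: Uniform traffic ticket
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please print out the attached ticket and send it to the court.
--b1
Content-Type: application/zip; name="Ticket-O64-211.zip"
Content-Disposition: attachment; filename="Ticket-O64-211.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return a list of reasons this message deserves quarantine."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A mismatch is only a signal: legitimate bulk senders also show it.
    if env_dom and from_dom != env_dom:
        reasons.append(f"From domain {from_dom} != envelope domain {env_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "spf=fail" in auth or "dmarc=fail" in auth:
        reasons.append("sender authentication failed")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            reasons.append(f"ZIP attachment: {part.get_filename()}")
    return reasons
```

Calling `triage(SAMPLE)` returns three reasons; a message whose From and envelope domains match and which carries no archive returns an empty list.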

Sophos anti-virus products detect the malware proactively as Mal/ChepVil-A, and the ZIP file itself as Troj/Invo-Zip.

Users of other anti-virus products would be wise to check that they are protected, as this attack is being aggressively spammed out right now.

Don't make the mistake of thinking only American computer users are at risk of attacks like this. As comments posted on Sophos's Facebook page prove, users have been receiving these messages even when based on the other side of the world.

Facebook messages regarding malware attack

Even if you aren't based in the United States, or even don't drive a car, you may very well open the attachment out of curiosity and end up with an infected computer.


23 Responses to Uniform traffic ticket malware attack widely spammed out

  1. Dave · 1509 days ago

    Widely spammed out is an understatement, got 3 of these in my inbox from 4:20am to 7:25am

  2. I've had spam supposedly from Western Union, DHL, FED EX, speeding fines, parking fines etc. I Never open it. Never, I've not got a car I'm not a user of any delivery or money transfer company either. If it was a real ticket you'll soon find out. Lol

  3. ky331 · 1509 days ago

    For those who like to point out subtle errors in a scam, be advised that the speed limit in NYC is only 50 mph, not 55. It is 55 in the areas of NYS surrounding NYC (e.g., Nassau County).

  4. The poor, broken English is also a dead giveaway. "Speed over 55 zone" and "Send it to town court." Of course, the biggest dead giveaway, other than the fact that most people who receive this have never recently driven in NYC, is the fact that you would never actually get such an email from the authorities/government.

  5. Sayde · 1508 days ago

    I got to this email I live in Bulgaria and I've never been to America

  6. I get this e-mail, subject "Uniform traffic ticket", every hour, last ten days, and a message from Google Team:

    <The message "Uniform traffic ticket" from no-reply 9 (no-reply.9@nyc.gov) contained a virus or a suspicious attachment. It was therefore not fetched from your account k……@k…..net and has been left on the server.
    If you wish to write to no-reply, just click reply and send no-reply a message.
    Thank you,
    The Gmail Team >

    I have put the sender's address on the Blacklist on the server, but it is still coming. I do not know what to do.
    I have never opened this mail message or downloaded from the mail box on the server.

    Can you give me any advice?

    • iksi99 · 1504 days ago

      You can't Blacklist the email address, that's a whole network of infected computers. You have blacklisted a masked email address, not the true one. The malicious e-mail is sent from a different address every time, even though the sender looks the same. If you open the e-mail, your computer will join the zombie network and send out spam, infecting other computers. Just ignore the message and you'll be good.

      • Thanks Iksi99, old friend ! The time has come that teachers learn from their best students :)

        • iksi99 · 1504 days ago

          That's nothing, just helping a friend in trouble! :-)

          • iksi99 · 1504 days ago

            Be careful, though, if your computer accidentally gets infected, it can be used to launch Denial of Service attacks.

  7. Brains · 1504 days ago

    Get this spam e-mail

    Don't drive a car.

    -Success kid

  8. I got this the other day, which is, of course, absurd, since I've never been to New York. Your software for the Mac immediately spotted it, but I would never open anything like that anyhow.

  9. Mick Ames · 1500 days ago

    I've received several of these emails. I never open anything that looks remotely suspicious and I would never open an attachment on one of these spams. I also get spam from, allegedly, the FBI, the Federal Reserve, every bank you can name, to quote but a few. They all get deleted without being opened. Anyone who opens one of these emails needs his/her head read! Anyone who then goes on to open an attachment, well, they shouldn't be allowed near a computer.

    Mick Ames, United Kingdom

  10. Daniel · 1458 days ago

    Just got this today, few min ago, 8:55 eastern time.

  11. J. W. · 1452 days ago

    I'm gonna email $200.00 to be on the safe side!

  12. J.T. · 1446 days ago

    why can't our government officials or police services track this down, they would if it were a threat to POTUS

  13. Vicky · 1446 days ago

    I got this in my Yahoo mail today and I have been to NY last yr BUT I did not open the attachment but I did open the email. I hope I am not a part of that network now as I open the email. If I am how do I get myself out if possible???

    I did do an IP search on the email and it came from (get this) M.I.T. a university (well known) in MA

    I reported the whole email to yahoo as fraud and posted this page's warning on my FB page for people not to fall for it. I hope I helped someone.

    WHY do people do these things to others? They must have a miserable life and hate themselves and the world to be so evil. What goes around comes around so they will get theirs in the end.

  14. Jim · 1443 days ago

    As long as you do not open the attachment, your computer will not become infected.

    While ignoring this type of malicious Email will certainly not cause you any harm, I feel this is an inadequate response. Why can't we attack the attackers?

  15. Erik · 1442 days ago

    Just got this email and opened it. I also paid the fine and sent money to a lawyer in Nigeria to help me out of the ticket. He said he was going to sue and make me millions!!!! All I had to do was send him $1500 to get the process started! I can't wait!! Gonna buy a Ferrari!

  16. don · 1440 days ago

    UNIFORM TRAFFIC TICKET comes from Lima, Peru, and an Australian point (today, 24October2011) or from Ujjain, India, to Seoul, S.Korea, to Moscow, Russia, and then to the U.S. (11October2011).

    If it were a scam, it would not work since the return address (to which a fine might be sent) is incomplete - no city, state or zip.


    Yahoo mail should be filtering this totally instead of sending it on to someone in his spam folder.

  17. Kristin · 1431 days ago

    got 3 of these this morning, but my email program didn't include any attachments or images...Haven't been to NYC in over 20 yrs.

  18. tysor · 1429 days ago

    Looks like we need to all slow the hell down! ;)

  19. Joanne · 1425 days ago

    What do you do if you opened it? :(((((

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley