“Uniform traffic ticket” spam leads to malware

A massive spam campaign taking the form of an email notifying the recipients of a bogus traffic ticket has been detected by a number of security companies.

The email in question has falsified headers to make it look like its coming from the legitimate nyc.gov domain, the official website of New York City:

“The other false information is the date. Both the date in the Received: tag and the date in the ‘Date:’ tag have been falsified to make it seem this email has been in your in box for several days by the time you see it,” points out Gary Warner, Director of Research in Computer Forensics at University of Alabama at Birmingham.

The attachment that the recipients are urged to download, print out and send to court in order to contest the ticket is .zip file containing an executable posing as a PDF file. It is a downloader Trojan that is currently being detected by 26 of the 42 AV solutions used by Virus Total.

Once it is executed, it connects to a Russian domain from which it downloads additional malware – the same detected in the previously spotted spam emails supposedly originating from the IRS and UPS.