The "toolbar" shows photos of parked cars in the area; the user is prompted with a pop-up with a fake security alert, attempting to lure the victim into installing phony antivirus software to clean up their machine.
"The malicious programs were run-of-the-mill; however, the use of flyers was an innovative way of social-engineering potential victims into visiting a malicious website," said Lenny Zeltser, a SANS Internet Storm Center analyst in a blog post on the attack.
Zeltser, who analyzed the malware and the attack, says the initial malware is automatically installed as a browser helper object for Internet Explorer. It then downloads code from a notoriously bad domain that's well-known among security researchers (childhe.com), and then uses the fake security alert to trick the victim into installing more malware.
"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often," Zeltser blogged.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message