Uniform traffic ticket malware attack widely spammed out

Speed limitComputer users beware! There’s a new widely spammed-out malware attack, claiming that you have being fined for speeding in New York City.

The email, which claims to come from the New York State Department of Motor Vehicles, poses as a “Uniform Traffic Ticket” and says that you are charged with speeding at 7:25 AM on the 5th July 2011.

The message concludes that you should print out the attached ticket and send it to the court.

Malicious traffic ticket email

Sign up to our free newsletter.
Security news, advice, and tips.

Well, stop there right there! Because the attached file (called Ticket-O64-211.zip) contains a malicious Trojan horse, designed to download further malicious code onto your computer and compromise your security.

The truth is that although the email claims to come from an @nyc.gov email address, the details have been forged and the entire attack is designed to trick unsuspecting computer users into opening the attached file.

Sophos anti-virus products detect the malware proactively as Mal/ChepVil-A, and the ZIP file itself as Troj/Invo-Zip.

Users of other anti-virus products would be wise to check that they are protected, as this attack is being aggressively spammed out right now.

Don’t make the mistake of thinking only American computer users are at risk of attacks like this. As comments posted on Sophos’s Facebook page prove, users have been receiving these messages even when based on the other side of the world.

Facebook messages regarding malware attack

Even if you aren’t based in the United States, or even don’t drive a car, you may very well open the attachment out of curiousity and end up with an infected computer.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.