Omniquad warns: Fake Speeding
Ticket Emails carry
W32.FakeHddRepair Trojan

News from Omniquad | May 20, 2013

There are currently emails with the subject line “Uniform Traffic Ticket” in circulation that claims to be from the New York State Department of Motor Vehicles.

The email in the example below claims the recipient was caught speeding in New York city at a certain time and recipient is charged of committing the violation “speed over 55 zone”. The email states that the victim is charged with a traffic offense and requesting that to print out the attached ticket and send it out to the town court of Chatam at a provided PO BOX.

In fact, the zipped file is not a speeding ticket but contains an .exe file which installs a Trojan on the recipient’s computer. The Trojan was identified as being W32.FakeHddRepair and which constantly displays hardware error messages.

From Microsoft Malware Protection Center has the following information about the W32.Fake Hdd Repair Trojan:

  Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system memory, hard drives and over-all system performance. They scan the system, show fake hardware problems, and offer a solution to defrag the hard drives and optimize the system performance. They then inform the user that they need to pay money to download the fix module and to register the software in order to repair these non-existent hardware problems. One of the first variants was distributed as program named “HDD Defragmenter” hence the name “FakeSysdef” or “Fake System Defragmenter”.  


fake speeding ticket email

Fake speeding ticket email

Fake speeding ticket EXE file

Fake speeding ticket EXE file


These fake emails target motorists in New York, there is no reason to think the scammers will stick to New York, as the formula can easily be used for targeting people in other cities, states or districts.

Be cautious of any unsolicited email that claims to be from police or a government department and instructs you to open an attached file or follow a link. Such tactics are commonly used by criminals intent on distributing malware or tricking recipients into divulging personal and financial information via phishing scams.