Gootkit banking Trojan via Fake UKPC parking penalty appeals

I am hearing about a return of the fake UKPC parking charge appeals scam which has been quiet for about 1 year. At this time I don’t have a copy of the email that was received by the victim, only the link that was in it. I assume the email will be very similar to the ones described in these 2 posts [1] [2].

UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They do not (as far as I can tell) control on-street parking on behalf of any Local Authority in the UK. There is a lot of information on the internet suggesting UKPC are a scam or less scrupulous company that regularly breaks the law and issues non-enforceable penalty notices for spurious “offences”. I am not going to get into the argument over private parking companies sending out penalty notices here. This post is an alert about a current malware delivery campaign that uses the UKPC logo and an imitation of their website to scam recipients and steal banking details.

These campaigns are generally very well done and use sites that strongly resemble the genuine UKPC Appeals site ukpcappeals.co.uk.

The current domain being used in this malware delivery scam is ukpcappeals.org, a look-alike or typo-squatted domain that can easily be mistaken for or confused with the genuine site. The criminals behind this scam have made it much more difficult for researchers and antivirus companies to investigate this delivery method. Each IP and computer only gets 1 attempt at contacting the site and downloading the zip file; after that you get a 403 Forbidden message.
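A mail or proxy log check for this kind of look-alike, added here as an example and not taken from the original post: it flags hosts that reuse the genuine name under a different suffix (the ukpcappeals.org case) or sit within a small edit distance of it. The suffix set is a simplified stand-in for the Public Suffix List, and the sample URLs, including the misspelt one, are constructed.

```python
from urllib.parse import urlsplit

# Genuine domain named in the post; add other protected domains as needed.
PROTECTED = {"ukpcappeals.co.uk"}
# Assumption: small stand-in for the Public Suffix List, not complete.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk", "com.au"}

def split_registrable(host):
    """Return (name, suffix) of the registrable domain, ignoring subdomains."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in TWO_PART_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    if len(parts) >= 2:
        return parts[-2], parts[-1]
    return parts[0], ""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return a reason string for a look-alike host, or None otherwise."""
    name, suffix = split_registrable(urlsplit(url).hostname or "")
    genuine = {good: split_registrable(good) for good in PROTECTED}
    if (name, suffix) in genuine.values():
        return None  # the real site, including its subdomains
    for good, (g_name, _) in genuine.items():
        if name == g_name:
            return f"same name as {good}, different suffix .{suffix}"
        if edit_distance(name, g_name) <= max_distance:
            return f"name within {max_distance} edits of {good}"
    return None

def flagged(urls):
    """Map each suspicious URL to the reason it was flagged."""
    return {u: r for u in urls if (r := classify(u))}

# Constructed sample URLs, as might be extracted from mail or proxy logs.
SAMPLE_URLS = ["https://www.ukpcappeals.co.uk/appeal", "http://ukpcappeals.org/",
               "http://ukpcapeals.co.uk/", "https://example.com/parking"]

if __name__ == "__main__":
    for url, reason in flagged(SAMPLE_URLS).items():
        print(f"{url}: {reason}")
```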

UKPC has not been hacked or had their email or other servers compromised. They are no ..