The text of the tickets read, “PARKING VIOLATION This vehicle is in violation of standard parking regulations,” according to SecurityProPortal.com. Ticket recipients were then told to go to a Web site so that they could “view pictures with information about your parking preferences” and install a toolbar.

It turns out that the so-called “toolbar” installation was a ruse to get the ticket recipients to download a Trojan Horse which installed malware, including a message informing of purported security flaws and suggesting the download of bogus anti-virus software.

Both the file and the security download had been flagged by McAfee anti-virus software. But the North Dakota-area ploy is momentous for reasons beyond the immediate threat to online security: it used real-world documents in order to conduct cyber-theft.

“Attackers continue to come up with creative ways of tricking potential victims into installing malicious software,” SANS Internet Storm Center researcher Lenny Zelster, who blew open the scheme, was quoted as saying by The Christian Science Monitor. “Merging physical and virtual worlds via objects that point to website is one way to do this. I imagine we’ll be seeing such approaches more often.”