Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 170 - January, 2014 (2nd Edition) - Page 23

'Notice to Appear in Court' Malware Emails

Issue 170 Start Menu

Previous Article            Next Article

Emails purporting to be from the Clerk to the Court claim that recipients must appear in court on a specified date and should open a court notice contained in an attached file for further information.

Court gavel

© Sashkin7

Brief Analysis
The emails are not official court messages and recipients do not need to appear in court as claimed. The messages are designed to trick recipients into installing malware. The attachment contains a malicious .exe file hidden inside a .zip file.  The subject line, the name of the clerk, the city where the hearing will supposedly be held, and other details may vary in different incarnations of the scam emails. If you receive one of these emails, do not open any attachments or click any links that it may contain.

Bookmark and Share


Subject: Notice to appear in court NR#9530
Notice to Appear,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Washington in January 19, 2014 at 10:00 am.

Please bring all documents and witnesses relating to this case with you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Ruth Mason
Clerk to the Court.

Email contained an attached file with the name  ""

Detailed Analysis

Inboxes are currently being hit by fake "Notice to Appear in Court" emails that were supposedly sent by the "Clerk to the Court".  The emails claim that a court notice with further details is included in an attached file. They specify a date for the appearance along with the city where the hearing is to be held. The emails use address spoofing to make it appear that they come from well-known US law firms.

None of the claims in the messages are valid and they do not come from genuine law firms or court clerks. 

The fake court messages are designed to panic recipients into opening the attached file without due caution.  Those who do fall for the trick, and open the attached .zip file will find an .exe file inside.

If they then open the .exe file, still believing that they will see the supposed court documents, malware may be installed on their computer. Once installed, the malware, known as "Kuluoz", can download and install further malware and connect the infected computer to the Asprox botnet.

Note that the name of the clerk, the hearing date and time, the specified city, the law firm who supposedly sent the message and other details may vary in different incarnations of the malware emails. The emails may also have different subject lines than the example I have used in this article.

Be wary of any email that claims that you must appear in court and should open an attached file for details. Remember, even if a legitimate entity sends you documents via an email attachment, they will not be in the form of an executable (.exe) file.

Bookmark and Share

Last updated: January 2, 2014
First published: January 2, 2014
By Brett M. Christensen
About Hoax-Slayer

Hearing of your case in Court NR#... - Virus
Asprox Botnet Reemerges in the Form of KULUOZ

Previous Article            Next Article

Issue 170 Start Menu

Pages in this issue:
  1. 'Paul Walker Still Alive After Accident' Phishing and Survey Scam
  2. 'Profile Visitors for Facebook' Rogue App and Survey Scam
  3. PG & E Energy Statement Malware Emails
  4. Fake Picture: 'Thailand Snake Girl' - Serpentosis Malianorcis
  5. Tom Crist Lottery Win Advance Fee Scam
  6. Legoland Child Abduction Attempt Hoax
  7. Fake Picasa 'New Photos' Emails Point to Dodgy Pharmacy Website
  8. 'Win a Disney Cruise' Survey Scam
  9. Bogus Advice - Block Hackers by Adding 'Security' to Facebook Blocking Function
  10. Fake - Giant Squid Image
  11. Commonwealth Bank 'eStatement Ready' Phishing Scam
  12. 'Singer Rihanna Found to be Dead' Facebook Survey Scam
  13. Satire - Pope Francis and the 'Third Vatican Council'
  14. Snow Canyon Roadway Image
  15. Albert (Tapper) Torney and the Can Car Sculptures That He Did NOT Make
  16. 'Your Atmos Energy Bill is Available' Malware Email
  17. 'Beware Hack Scam Rollercoaster Clip' Facebook Warning Message
  18. Sainsbury's 'Customer Satisfaction Survey' Phishing Scame
  19. Satire - '18 Million Birds Dead New Year's Eve'
  20. Hoax - 'Marijuana Overdoses Kill 37 in Colorado'
  21. Hoax Report Claims Paul Walker Faked His Own Death
  22. 'Shark Eats Swimming Man' Facebook Survey Scam
  23. 'Notice to Appear in Court' Malware Emails
  24. 'Most Fatal Car Accident' Survey Scam
  25. Hoax - Extraordinary Planetary Alignment To Decrease Gravity on January 4
  26. 'World's Largest Snake Video' Survey Scam
  27. Michael Jackson Died Years Ago Hoax
  28. 'My Home is Burning' Facebook Phishing and Malware Scam
  29. Facebook 'Closed for Maintenance' Prank