Debunking hoaxes and exposing scams since 2003!





Jump To: Example    Detailed Analysis   References

'Notice to Appear in Court' Malware Emails


Jump To: Example    Detailed Analysis   References

Outline

Emails purporting to be from the Clerk to the Court claim that recipients must appear in court on a specified date and should open a court notice contained in an attached file for further information.

court noitce malware
©Depositphotos.com/ Sashkin7



Brief Analysis

The emails are not official court messages and recipients do not need to appear in court as claimed. The messages are designed to trick recipients into installing malware. The attachment contains a malicious .exe file hidden inside a .zip file. The subject line, the name of the clerk, the city where the hearing will supposedly be held, and other details may vary in different incarnations of the scam emails. If you receive one of these emails, do not open any attachments or click any links that it may contain.

   

Share







Bookmark and Share






Identity theft is one of the fastest growing crimes in the world. Learn how to stay safe online with Hoax-Slayer's comprehensive eBook:





Video






Example

Subject: Notice to appear in court NR#9530
Notice to Appear,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Washington in January 19, 2014 at 10:00 am.

Please bring all documents and witnesses relating to this case with you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Ruth Mason
Clerk to the Court.

Email contained an attached file with the name  "Court_Notice_Jones_Day_Wa#5837.zip"



Detailed Analysis

Inboxes are currently being hit by fake "Notice to Appear in Court" emails that were supposedly sent by the "Clerk to the Court".  The emails claim that a court notice with further details is included in an attached file. They specify a date for the appearance along with the city where the hearing is to be held. The emails use address spoofing to make it appear that they come from well-known US law firms.

None of the claims in the messages are valid and they do not come from genuine law firms or court clerks. 

The fake court messages are designed to panic recipients into opening the attached file without due caution.  Those who do fall for the trick, and open the attached .zip file will find an .exe file inside.

If they then open the .exe file, still believing that they will see the supposed court documents, malware may be installed on their computer. Once installed, the malware, known as "Kuluoz", can download and install further malware and connect the infected computer to the Asprox botnet.

Note that the name of the clerk, the hearing date and time, the specified city, the law firm who supposedly sent the message and other details may vary in different incarnations of the malware emails. The emails may also have different subject lines than the example I have used in this article.

Be wary of any email that claims that you must appear in court and should open an attached file for details. Remember, even if a legitimate entity sends you documents via an email attachment, they will not be in the form of an executable (.exe) file.

Court Notice Malware Emails

© Depositphotos.com/Imilian


Last updated: July 10, 2014
First published: January 2, 2014
By Brett M. Christensen

References
Hearing of your case in Court NR#... - Virus
Asprox Botnet Reemerges in the Form of KULUOZ









Latest Hoax-Slayer Articles



More stories!

'Internet Capacity Warning' Phishing Scam
According to this email, which claims to be from the 'Support Department' at 'Information Technology Services', your internet capacity is 70% full and you therefore need to contact support to avoid problems.
Published: July 6, 2015


Kroger 'Free Coupons' Survey Scam
Message being distributed across Facebook claims that users can receive free coupons from American retailer Kroger just by sharing a message and visiting a third party website to claim their prize.
Published: June 16, 2015


Pointless Facebook Warning - Hackers Posting Insulting Messages or Sexual Content In Your Name
'Hacker' alert messages circulating on Facebook claim that, without your knowledge, hackers are posting insulting or sexual messages that appear to come from you onto your Facebook Timeline.
Published: June 3, 2015