Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

'Notice to Appear in Court' Malware Emails


Emails purporting to be from the Clerk to the Court claim that recipients must appear in court on a specified date and should open a court notice contained in an attached file for further information.

Court gavel
© Sashkin7

Brief Analysis

The emails are not official court messages and recipients do not need to appear in court as claimed. The messages are designed to trick recipients into installing malware. The attachment contains a malicious .exe file hidden inside a .zip file. The subject line, the name of the clerk, the city where the hearing will supposedly be held, and other details may vary in different incarnations of the scam emails. If you receive one of these emails, do not open any attachments or click any links that it may contain.



Subject: Notice to appear in court NR#9530
Notice to Appear,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Washington in January 19, 2014 at 10:00 am.

Please bring all documents and witnesses relating to this case with you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Ruth Mason
Clerk to the Court.

Email contained an attached file with the name  ""

Detailed Analysis

Inboxes are currently being hit by fake "Notice to Appear in Court" emails that were supposedly sent by the "Clerk to the Court".  The emails claim that a court notice with further details is included in an attached file. They specify a date for the appearance along with the city where the hearing is to be held. The emails use address spoofing to make it appear that they come from well-known US law firms.

None of the claims in the messages are valid and they do not come from genuine law firms or court clerks. 

The fake court messages are designed to panic recipients into opening the attached file without due caution.  Those who do fall for the trick, and open the attached .zip file will find an .exe file inside.

If they then open the .exe file, still believing that they will see the supposed court documents, malware may be installed on their computer. Once installed, the malware, known as "Kuluoz", can download and install further malware and connect the infected computer to the Asprox botnet.

Note that the name of the clerk, the hearing date and time, the specified city, the law firm who supposedly sent the message and other details may vary in different incarnations of the malware emails. The emails may also have different subject lines than the example I have used in this article.

Be wary of any email that claims that you must appear in court and should open an attached file for details. Remember, even if a legitimate entity sends you documents via an email attachment, they will not be in the form of an executable (.exe) file.

Court Notice Malware Emails


Last updated: July 10, 2014
First published: January 2, 2014
By Brett M. Christensen
About Hoax-Slayer

Hearing of your case in Court NR#... - Virus
Asprox Botnet Reemerges in the Form of KULUOZ

Latest Hoax-Slayer Articles