Debunking hoaxes and exposing scams since 2003!

Jump To: Example    Detailed Analysis   References

'Notice to Appear in Court' Malware Emails

Jump To: Example    Detailed Analysis   References


Emails purporting to be from the Clerk to the Court claim that recipients must appear in court on a specified date and should open a court notice contained in an attached file for further information.

court noitce malware
© Sashkin7

Brief Analysis

The emails are not official court messages and recipients do not need to appear in court as claimed. The messages are designed to trick recipients into installing malware. The attachment contains a malicious .exe file hidden inside a .zip file. The subject line, the name of the clerk, the city where the hearing will supposedly be held, and other details may vary in different incarnations of the scam emails. If you receive one of these emails, do not open any attachments or click any links that it may contain.



Bookmark and Share



Subject: Notice to appear in Court #0000954246

Notice to Appear,

You have to appear in the Court on the September 09.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

You can find the Court Notice is in the attachment.

Bob Rodriguez,
Clerk of Court.

Subject: Notice to appear in court NR#9530
Notice to Appear,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Washington in January 19, 2014 at 10:00 am.

Please bring all documents and witnesses relating to this case with you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Ruth Mason
Clerk to the Court.

Email contained an attached file with the name  ""

Detailed Analysis

Inboxes are currently being hit by fake "Notice to Appear in Court" emails that were supposedly sent by the "Clerk to the Court".  The emails claim that a court notice with further details is included in an attached file. They specify a date for the appearance along with the city where the hearing is to be held. The emails use address spoofing to make it appear that they come from well-known US law firms.

None of the claims in the messages are valid and they do not come from genuine law firms or court clerks. 

The fake court messages are designed to panic recipients into opening the attached file without due caution.  Those who do fall for the trick, and open the attached .zip file will find an .exe file inside.

If they then open the .exe file, still believing that they will see the supposed court documents, malware may be installed on their computer. Once installed, the malware, known as "Kuluoz", can download and install further malware and connect the infected computer to the Asprox botnet.

Note that the name of the clerk, the hearing date and time, the specified city, the law firm who supposedly sent the message and other details may vary in different incarnations of the malware emails. The emails may also have different subject lines than the example I have used in this article.

Be wary of any email that claims that you must appear in court and should open an attached file for details. Remember, even if a legitimate entity sends you documents via an email attachment, they will not be in the form of an executable (.exe) file.

Court Notice Malware Emails


Last updated: September 2, 2015
First published: January 2, 2014
By Brett M. Christensen

Hearing of your case in Court NR#... - Virus
Asprox Botnet Reemerges in the Form of KULUOZ

More stories!

'Internet Capacity Warning' Phishing Scam
According to this email, which claims to be from the 'Support Department' at 'Information Technology Services', your internet capacity is 70% full and you therefore need to contact support to avoid problems.
Published: July 6, 2015

Kroger 'Free Coupons' Survey Scam
Message being distributed across Facebook claims that users can receive free coupons from American retailer Kroger just by sharing a message and visiting a third party website to claim their prize.
Published: June 16, 2015

Pointless Facebook Warning - Hackers Posting Insulting Messages or Sexual Content In Your Name
'Hacker' alert messages circulating on Facebook claim that, without your knowledge, hackers are posting insulting or sexual messages that appear to come from you onto your Facebook Timeline.
Published: June 3, 2015