Judge's Gavel
Home Malware ‘Notice to Appear in Court’ Malware Emails

‘Notice to Appear in Court’ Malware Emails

by Brett M. Christensen

Outline

Emails purporting to be from the Clerk to the Court claim that recipients must appear in court on a specified date and should open a court notice contained in an attached file for further information.

Brief Analysis

The emails are not official court messages and recipients do not need to appear in court as claimed. The messages are designed to trick recipients into installing malware. The attachment contains a malicious .exe file hidden inside a .zip file. The subject line, the name of the clerk, the city where the hearing will supposedly be held, and other details may vary in different incarnations of the scam emails. If you receive one of these emails, do not open any attachments or click any links that it may contain.

Video


 

 


 

Examples

Subject: Notice to appear in Court #0000954246

Notice to Appear,

You have to appear in the Court on the September 09.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

You can find the Court Notice is in the attachment.

Sincerely,
Bob Rodriguez,
Clerk of Court.

 

Subject: Notice to appear in court NR#9530
Notice to Appear,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Washington in January 19, 2014 at 10:00 am.

Please bring all documents and witnesses relating to this case with you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Ruth Mason
Clerk to the Court.

Email contained an attached file with the name  “Court_Notice_Jones_Day_Wa#5837.zip”

 

Detailed Analysis

Inboxes are currently being hit by fake “Notice to Appear in Court” emails that were supposedly sent by the “Clerk to the Court”.

The emails claim that a court notice with further details is included in an attached file. They specify a date for the appearance along with the city where the hearing is to be held. The emails use address spoofing to make it appear that they come from well-known US law firms.

None of the claims in the messages is valid and they do not come from genuine law firms or court clerks.

The fake court messages are designed to panic recipients into opening the attached file without due caution.  Those who do fall for the trick, and open the attached .zip file will find an .exe file inside.
If they then open the .exe file, still believing that they will see the supposed court documents, malware may be installed on their computer. Once installed, the malware, known as “Kuluoz”, can download and install further malware and connect the infected computer to the Asprox botnet.

Note that the name of the clerk, the hearing date and time, the specified city, the law firm who supposedly sent the message and other details may vary in different incarnations of the malware emails. The emails may also have different subject lines than the example I have used in this article.

Be wary of any email that claims that you must appear in court and should open an attached file for details. Remember, even if a legitimate entity sends you documents via an email attachment, they will not be in the form of an executable (.exe) file.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer