It’s not a freebie but it’s a WARNING

21 Aug

The few spam emails that I have created has emails that took me by surprise. Subject line: Notice to Appear

It has an attachment but I knew better than to open it. This is what it said:

Notice to Appear,

The copy of the court notice is attached to this letter. Please, read
it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Truly yours,
Clerk to the Court,
Diana Mason

Today’s email was signed by:
Elizabeth Mason

In doing research I find that the attachment has a virus so DO NOT OPEN IT. Here is the information;

A fake Notice to Appear at court claims you need to bring all documents and witnesses. Later versions mention pretrial notice and being a defendant for something like illegal software use.
Attached zip file contains an exe virus or trojan horse.
Spoofs some law firm domain like,,,,,,,,,,,,,, or in headers.
This is an Asprox botnet email spreading Kuluoz / Dofoil malware.
Jones Day / Latham & Watkins / Hogan Lovells / McDermott Will & Emery / Skadden, Arps, Slate, Meagher & Flom / Gibson Dunn / Covington & Burling / Baker Botts / and Orrick, Herrington & Sutcliffe / Bryan Cave / Perkins Coie / Alston & Bird / Dechert / Sullivan & Cromwell / Seyfarth Shaw are real law firms, these emails are NOT from them.
On 11 March 2014, there was a series of copy-cat “notice to appear in court” emails that basically copied this series. Different botnet, different malware. And once again, Asprox was doing it before it was cool.

Leave a comment

Posted by on August 21, 2014 in This and That


Tags: , , , , , ,

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: