The few spam emails that I have created has emails that took me by surprise. Subject line: Notice to Appear
It has an attachment but I knew better than to open it. This is what it said:
Notice to Appear,
The copy of the court notice is attached to this letter. Please, read
Note: If you do not attend the hearing the judge may hear the case in
Clerk to the Court,
Today’s email was signed by:
In doing research I find that the attachment has a virus so DO NOT OPEN IT. Here is the information;
A fake Notice to Appear at court claims you need to bring all documents and witnesses. Later versions mention pretrial notice and being a defendant for something like illegal software use.
Attached zip file contains an exe virus or trojan horse.
Spoofs some law firm domain like jonesday.com, lw.com, mwe.com, hoganlovells.com, skadden.com, gibsondunn.com, cov.com, bakerbotts.com, orrick.com, bryancave.com, perkinscoie.com, alston.com, dechert.com, sullcrom.com, or seyfarth.com in headers.
This is an Asprox botnet email spreading Kuluoz / Dofoil malware.
Jones Day / Latham & Watkins / Hogan Lovells / McDermott Will & Emery / Skadden, Arps, Slate, Meagher & Flom / Gibson Dunn / Covington & Burling / Baker Botts / and Orrick, Herrington & Sutcliffe / Bryan Cave / Perkins Coie / Alston & Bird / Dechert / Sullivan & Cromwell / Seyfarth Shaw are real law firms, these emails are NOT from them.
On 11 March 2014, there was a series of copy-cat “notice to appear in court” emails that basically copied this series. Different botnet, different malware. And once again, Asprox was doing it before it was cool.