Dec 302013
 

A new Urgent Court Notice  or Notice to appear in court has started its spam run with emails spoofed to pretend to come from a law firm. They have now changed and are using Gibson Dunn and Crutcher as the law firm and Los Angeles as the court this time’ These follow on from THIS and THIS

14 Jan 2014: a new version pretending to come from porrick.com ( I cannot find a law firm called porrick)  and using San Francisco as the court

15 Jan 2014: another new version pretending to come from gtlaw.com ( Greenberg Traurig)  and using New York as the court

22 Jan 2014: another new version pretending to come from reedsmith.com ( ReedSmith )  and using Pittsburgh as the court

23 Jan 2014: Another version pretending to be from skadden.com (Skadden, Arps, Slate, Meagher & Flom  LLP & Affiliates) using New York as the court again

28 Jan 2014: Another version pretending to be from scotcourts.gov.uk  using London  as the court this time  and instead of using an international firm of lawyers are pretending that the “summons” comes directly from the courts and are now using a fake PDF as the malware rather than the earlier fake word docs

11 March 2014  After quite a long break these fake urgent  court notices have restarted. Once again they are using London as the court and pretending to come from L.McNamara@scotcourts.gov.uk    However the ASprox botnet that sends these, tends to tailor the court and the sender to the geographical region that the email recipient is believed to come from. So a UK based email domain will get London as the court and US based will get LA or Chicago or whatever is the current US based one the botnet authors want to use.

29 March 2014: These continue to arrive on a  frequent ( almost daily basis ) There are very little changes from previous versions except today’s has a different alleged  law company as sender Notice of appearance reference143@lawyers-gun-money.com and the court is Des Moines

This follows on from http://myonlinesecurity.co.uk/spoofed-lw-com-notice-of-appearance-in-court-no8780-fake-word-doc-malware/  and http://myonlinesecurity.co.uk/notice-appearance-court-wa6142-fake-word-doc-malware/ It also pretends to be from a large international group of lawyers (gibsondunn.com)  with a notice to appear. various slightly different subjects on this email along with different times and dates of the alleged hearing. Also a different court clerk’s name is used, just to vary it a bit.

  • Hearing of your case in Court No07713 < numbers vary >
  • #Hearing of your case in Court N#7717-846
  • Notice to appear in court No02240  < numbers vary >
  • Urgent court notice No08976 < numbers vary >
  • Notice of appearance in court No08780 <numbers vary>
  • Notice of appearance in court N#7751-591
  • Notice to appear in court GQ#0781

===========================================================================
Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of San Francisco in January 25, 2014 at 11:00 am.
Please bring all documents and witnesses relating to this case with you to Court on your hearing date.  The copy of the court notice is attached to this letter.  Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in your absence.

Yours truly,
Alena Tailor
Clerk to the Court.
===============================================================

Notice to Appear in Court,

This is to advise that you are required to attend the court of Los Angeles in January 16, 2014 for the hearing of your case.
Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above. Attendance is compulsory.

The copy of the court notice is attached to this letter, please, download and read it thoroughly.
Samuel Chambers
Clerk to the Court.

=======================================================

Of course it isn’t a court notice or summons and the attachment definitely does not contain any information about any court case. It is another one from the current Asprox botnet runs which try to drop Kuluoz, Dofoil, fake anti-virus and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

Almost all of these have a password stealing component, with the aim of stealing your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your facebook and other social network log in details.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

Gibson Dunn Urgent Court Notice fake email

Gibson Dunn Urgent Court Notice fake email

 

 

 

 

Attachment zip name: Court_Notice_Los_Angeles_No0852.zip (108 kb)

Court_Notice_Los_Angeles_Gibson_Dunn_and_Crutcher.exe  Current Virus total detections: 9/48  |   MALWR Auto Analysis

14 Jan 2014  Court_Notice_Copy_No7055.zip   Court_Notice_copy_document_14_01_2014_USA.exe   Current Virus total detections: 20/48 

15 Jan 2014  Court_Notice_NY_15_01_2014_Copy_116.zip   Court_Notice_New_York_15_01_2014_copy.exe   Current Virus total detections: 2/48 

22 Jan 2014  Court_Notice_No_8437.zip extracts to Court_Notice_copy_document.exe   Current Virus total detections: 5/50

23 Jan 2014  Court_Notice_Date_01_23_ID2443.zip extracts to Court_Notice_Date_01_23_Copy_New_York.exe   Current Virus total detections: 10/49

28 Jan 2014  Court_Notice_29012014.zip (61kb) extracts to Court_Notice_29012014.exe   Current Virus total detections: 4/50

11 March 2014  document.1778-290-15-03.zip (60kb) extracts to document.1778-290-15-03.exe Current Virus total detections: 4/50

This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper Microsoft word file or PDF  instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected.

All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.

 

  9 Responses to “Urgent court notice No08976 fake Word doc or pdf malware”

Comments (7) Pingbacks (2)
  1.  

    Also coming from Green Winick Lawyers with the same information “Notice to Appear in Court No#9371″ (number varies)

  2.  

    I received a version this morning, stating it was fro Millbrook Solicitors (UK) – opened email but did not open attachment. i closed it check on the solicitors as I am not subject to anything that would warrant a court appearance notice – when I went back it had disappeared from my inbox.

  3.  

    Good afternoon,

    I am French but i have lived 9 years in England an i have a flat in Tilbury. I am back to France now and i was so scared when i received this email. from mill brook lawyers. I tried to open the attachement but could not on my computer. Can you confirm it to me that all these emails are fake ? Thank you.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>