Over the past week we've received a massive amount of virus-infected spam, ostensibly from the prestigious law firm Latham & Watkins. With the subject "Urgent court notice" comes a zip file, such as one named Court_Notice_Latham_and_Watkins__NY82008.zip, or one using the Jones Day name. It apparently contains an executable file that is assumed to be malicious. While any attorney or legal professional would easily conclude that the court notice is not genuine, it has probably fooled a number of laypersons who may be appearing for a court date this month.
E-mail spoofing is also known as forging e-mail headers: an email message appears to have originated from someone other than the actual sender. Its purpose is to gain the trust of the recipient and lead them to perform an action, such as opening a file that will install malware or a virus onto their computer.
The zip file attachment for this Court Notice spam typically uses the name of a law firm (Latham & Watkins as well as Jones Day). It apparently contains some type of malware or trojan. The body of the email appears as follows:
Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 14 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Jackson Allen
Clerk to the Court.
Looking in the header, the IP address associated with the email is located in Denver, Colorado, and has been identified as a significant source of spam by most of the major Realtime Blackhole Lists, such as Spamhaus and SpamCop. It would appear that the email does not originate from a compromised server at the law firm, despite the domain name appearing several times in the header.
Return-path: <service.448@lw.com>
Envelope-to: ***********@thelaw.com
Delivery-date: Tue, 24 Dec 2013 08:28:32 -0500
Received: from c-75-70-19-185.hsd1.co.comcast.net ([75.70.19.185]:53185 helo=lw.com)
by server.********.net with smtp (Exim 4.82)
(envelope-from <service.448@lw.com>)
id 1VvS2C-0007gk-57
for *******@thelaw.com; Tue, 24 Dec 2013 08:28:32 -0500
Message-ID: <002f01cf00abf823f8756a01a8c0@THEBODYSHOP-HP>
From: "Notice to Appear" <service.448@lw.com>
To: <**********@thelaw.com>
Subject: Notice of appearance in court No#4394
Date: Tue, 24 Dec 2013 06:28:01 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_002C_01CF0071.4BC2B630"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: XimianEvolution1.4.6
X-MimeOLE: Produced By XimianEvolution1.4.6
X-Antivirus: avast! (VPS 131224-0, 12/24/2013), Inbound message
X-Antivirus-Status: Clean
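
The header check described above, as an added example (not part of the original post): it parses the Exim-style Received line and flags a message whose HELO claims the From domain while the connecting host's reverse DNS lies outside that domain. The function names and the regular expression are this example's own; the headers are the ones shown above, abbreviated.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the message above, abbreviated (redactions kept as on the page).
RAW = """\
Return-path: <service.448@lw.com>
Received: from c-75-70-19-185.hsd1.co.comcast.net ([75.70.19.185]:53185 helo=lw.com)
\tby server.********.net with smtp (Exim 4.82)
\t(envelope-from <service.448@lw.com>)
\tid 1VvS2C-0007gk-57
\tfor *******@thelaw.com; Tue, 24 Dec 2013 08:28:32 -0500
From: "Notice to Appear" <service.448@lw.com>
Subject: Notice of appearance in court No#4394

"""

# Exim layout: from <reverse-DNS name> ([<ip>]:<port> helo=<claimed name>)
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?"
    r"\s+helo=(?P<helo>[^\s)]+)\)"
)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_spoof(raw):
    """Compare the From domain with what the receiving server recorded."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only the topmost Received header was written by our own server;
    # anything below it is supplied by the sender and can be forged.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = RECEIVED_RE.search(received)
    if not m or not from_domain:
        return {"verdict": "unparsed"}
    result = dict(m.groupdict(), from_domain=from_domain)
    # HELO is whatever the client typed; the reverse-DNS name is what the
    # receiving server resolved for the connecting IP address.
    helo_claims = in_domain(m["helo"], from_domain)
    rdns_matches = in_domain(m["rdns"], from_domain)
    spoofed = helo_claims and not rdns_matches
    result["verdict"] = "helo-spoof" if spoofed else "no-finding"
    return result

if __name__ == "__main__":
    print(check_spoof(RAW))
```

The check is a heuristic: it only fires when the HELO name asserts the From domain, because legitimate senders often relay through hosts outside their own domain.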
Other variants of this message include this short form:
Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 15 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Taylor Murphy
Clerk to the Court.
Names of the clerks range from stock American names to those associated with hairdressers:
- Jackson Phillips
- Miller Morris
- Johnson Lewis
- Taylor Murphy
- Martin Parker
- Clark Perez
- Abigail Smith
- Margaret Tailor
- Mary Smith
- Emma Tailor
- Lily Tailor
- Linda Mason