News Top Law Firms Spoofed in Malware Spam Email Campaign

Over the past week we've received a massive amount of virus infected spam, ostensibly from the prestigious law firm, Latham & Watkins. With the subject "Urgent court notice" comes a zip file, such as the one named Court_Notice_Latham_and_Watkins__NY82008.zip or using the Jones Day name. It apparently contains an executable file that is assumed to be malicious. While any attorney or legal professional would easily conclude that the court notice is not genuine, it probably has fooled a number of laypersons who may be appearing for a court date this month.

E-mail spoofing is also known as forging e-mail headers. An email message will appear to have originated from someone other than the actual sender. Its purpose is to gain the trust of the recipient and to lead them to performing an action, such as opening up a file that will install malware or a virus onto their computer.

The zip file attachment for this Court Notice spam typically uses the name of a law firm (Latham & Watkins as well as Jones Day.) It apparently contains some type of malware or trojan. The body of the email appears as follows:

Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 14 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Jackson Allen
Clerk to the Court.

Looking in the header, the IP address associated with the email is located in Denver, Colorado and has been identified as a significant source of spam by the most of the major Realtime Blackhole Lists such as Spamhaus and Spamcop. It would appear that the email does not originate from a compromised server at the law firm, despite seeing the domain name appear several times in the header.

Return-path: <service.448@lw.com>​
Envelope-to: ***********@thelaw.com​
Delivery-date: Tue, 24 Dec 2013 08:28:32 -0500​
Received: from c-75-70-19-185.hsd1.co.comcast.net ([75.70.19.185]:53185 helo=lw.com)​
by server.********.net with smtp (Exim 4.82)​
(envelope-from <service.448@lw.com>)​
id 1VvS2C-0007gk-57​
for *******@thelaw.com; Tue, 24 Dec 2013 08:28:32 -0500​
Message-ID: <002f01cf00abf823f8756a01a8c0@THEBODYSHOP-HP>​
From: "Notice to Appear" <service.448@lw.com>​
To: <**********@thelaw.com>​
Subject: Notice of appearance in court No#4394​
Date: Tue, 24 Dec 2013 06:28:01 -0600​
MIME-Version: 1.0​
Content-Type: multipart/mixed;​
boundary="----=_NextPart_000_002C_01CF0071.4BC2B630"​
X-Priority: 3​
X-MSMail-Priority: Normal​
X-Mailer: XimianEvolution1.4.6​
X-MimeOLE: Produced By XimianEvolution1.4.6​
X-Antivirus: avast! (VPS 131224-0, 12/24/2013), Inbound message​
X-Antivirus-Status: Clean​
Other variants of this message include this short form:
Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 15 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Taylor Murphy
Clerk to the Court.

Names of the clerks range from stock American names to those associated with hairdressers:
  • Jackson Phillips
  • Miller Morris
  • Johnson Lewis
  • Taylor Murphy
  • Martin Parker
  • Clark Perez
  • Abigail Smith
  • Margaret Tailor
  • Mary Smith
  • Emma Tailor
  • Lily Tailor
  • Linda Mason
Legal Practice
Computers - Internet
Jurisdiction
  1. Other
  • gmail-email.jpg
    gmail-email.jpg
    13.9 KB · Views: 158
About author
Michael Wechsler
Michael M. Wechsler is an experienced attorney, founder of TheLaw.com, A. Research Scholar at Columbia Business School and of-counsel to Kaplan, Williams & Graffeo, LLC. He was also an SVP and chief Internet strategist at Zedge.net and legal consultant at Kroll Ontrack, a leading service e-discovery and computer forensics service provider.

Comments

There are no comments to display.

Article information

Author
Michael Wechsler
Article read time
3 min read
Views
5,700
Last update

More in Internet & Computer Law

More from Michael Wechsler

Share this article

Back
Top