Notice to Appear virus
I just received an email supposedly from the Clerk of the Court in Tacoma notifying me that I need to appear for a hearing on “my case”. It contains an attachment that supposedly contains the court notice on my case. There are several things wrong with the email, including the fact that I’ve never been in Tacoma and that the notice is a “zip” file, which is a method for shipping executables to get around virus checks (real documents would likely be a .pdf file). Finally, though some courts do send notices via email, they would only do so if you have something pending and you explicitly give permission.
So, it turns out that this is the latest phishing attempt to get folks to install malware on their computers. The .zip file contains a Windows .exe executable that will attempt to install malware to join the victim’s computer to the Asprox botnet. This botnet uses an army of machines to attack various websites looking for vulnerabilities. It also allows others to have full access to your system.
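A check a mail filter could apply to this pattern (a .zip attachment carrying a Windows executable), added here as an illustration and not part of the original post. The attachment and member names, the stub bytes and the extension list are constructed assumptions; only the subject line comes from the message shown below.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")  # illustrative, not exhaustive

def executable_members(zip_bytes):
    """Names of archive members that look like Windows executables."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            by_ext = info.filename.lower().endswith(EXECUTABLE_EXTS)
            with zf.open(info) as member:
                by_magic = member.read(2) == b"MZ"  # PE/DOS header magic, whatever the name says
            if by_ext or by_magic:
                hits.append(info.filename)
    return hits

def scan_message(raw_bytes):
    """Map each .zip attachment to the executable members found inside it."""
    findings = {}
    for part in message_from_bytes(raw_bytes).walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            try:
                hits = executable_members(part.get_payload(decode=True))
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
                hits = ["<unreadable archive>"]
            if hits:
                findings[filename] = hits
    return findings

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample():
    """Constructed message: a harmless 64-byte stub named like an executable."""
    msg = EmailMessage()
    msg["Subject"] = "#Hearing of your case in Court N#0103-706"
    msg.set_content("Notice to Appear (body omitted)")
    msg.add_attachment(make_zip({"Court_Notice.exe": b"MZ" + b"\x00" * 62}),
                       maintype="application", subtype="zip", filename="Court_Notice.zip")
    return msg.as_bytes()
```

Checking the first two bytes as well as the extension catches an executable that has been renamed to look like a document.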
The message that I received looks like this:
Subject: #Hearing of your case in Court N#0103-706
Notice to Appear, Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Tacoma in May 14, 2014 at 11:30 am. Please bring all documents and witnesses relating to this case with you to Court on your hearing date. The copy of the court notice is attached to this letter. Note: If you do not attend the hearing the judge may hear the case in your absence. Yours truly, MORROW WOOD Clerk to the Court.
As usual, the same rules apply:
- Never open a link or attachment unless you’re very sure that it’s legit. Even if it appears to come from a friend, it might be malware.
- Always look more carefully at messages to see if there is something “not quite right” about the message. Are there misspellings, poor grammar or odd URL domain names? If the message is from a friend, is the “tone” of the message in line with normal emails from that person?
- Is the request reasonable? Official notices are not typically delivered via email or instant messages.
- Cut-n-paste URLs into browsers, rather than clicking. Be sure that the address makes sense before hitting “return” (e.g., Fidelity’s URL will likely be fidelity.com). If not entirely sure, most legitimate notices can be located by going directly to the website without using the URL given (e.g., go to your banking site via your usual method and see if there is a message for you there.)
- Never install software unless you intend to. In this case, the executable might say that you need a special reader to read the message. Don’t do it.
If you click on such an email attachment, be sure to answer “no” if the OS pops up a message requesting permission to install something on your system.
If you have allowed this (or any) unplanned installation of software on your computer, be sure to run a full scan of your machine with updated anti-malware software.