Date: Mon, 23 Dec 2013 10:05:38 -0500 [10:05:38 EST]There is an attachment Court_Notice_Jones_Day_Wa#8127.zip which in turn contains an executable Court_Notice_Jones_Day_Washington.exe which is presumably malicious, but I can't analyse it. The VirusTotal detection rate for the ZIP is 4/49.
From: Notice to Appear [support.6@jonesday.com]
Subject: Hearing of your case in Court NR#6976
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 9, 2014 at 10:00
am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Alison Smith
Clerk to the Court.
Updated: a couple of other variants.. and the ISC have a report now too.
Date: Mon, 23 Dec 2013 20:02:52 -0400 [19:02:52 EST]
From: Notice to Appear [ticket_support.6@jonesday.com]
Subject: Hearing of your case in Court NR#2682
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 15, 2014 at
09:00 am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Olivia Tailor
Clerk to the Court.
--------------
Date: Mon, 23 Dec 2013 11:21:46 -0700 [13:21:46 EST]
From: Notice to Appear [ticket_support.8@jonesday.com]
Subject: Notice of appearance in court NR#5365
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 19, 2014 at
09:00 am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Jennifer Tailor
Clerk to the Court.
--------------
Date: Mon, 23 Dec 2013 21:37:10 -0700 [12/23/13 23:37:10 EST]
From: Notice to Appear [ticket_support.8@jonesday.com]
Subject: Urgent court notice NR#31620
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 11, 2014 at
11:00 am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Barbara Smith
Clerk to the Court.
Update 2 [31/12/2013] in the past couple of days there has been a renewed spam run with some slightly different details. For some reason I cannot analyse the contents of the ZIP file, but you can be sure that it is malicious.
Sample emails:
Date: Tue, 31 Dec 2013 06:45:59 -0700 [08:45:59 EST]
From: Notice to Appear [support.7@lw.com]
Subject: Urgent court notice No#14110
Notice of appearance,
Hereby you are informed that you are due in the court of New York
on the 19 of January, 2014 at 10:00 am for the hearing of your case.
You are kindly asked to prepare and bring the documents relating to
the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to
read the details.
Note: The case may be heard by the judge in your absence if you do not
come.
Yours truly,
Clark Murphy
Clerk to the Court.
============================
Date: Mon, 30 Dec 2013 17:03:29 -0400 [12/30/13 16:03:29 EST]
From: Notice to Appear [aa.support933@jonesday.com]
Subject: Notice of appearance in court NR#4723
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 17, 2014 at
10:00 am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Evie Mason
Clerk to the Court.
============================
Date: Mon, 30 Dec 2013 13:05:54 -0600 [12/30/13 14:05:54 EST]
From: Notice to Appear [order.040@gibsondunn.com]
Subject: Hearing of your case in Court No7712
Notice to Appear in Court,
This is to advise that you are required to attend
the court of Los Angeles in January 11, 2014 for the hearing of your
case.
Please, kindly prepare and bring the documents related to this case to
Court on the date mentioned above.
Attendance is compulsory.
The copy of the court notice is attached to this letter, please,
download and read it thoroughly.
ALLEN Walsh
Clerk to the Court.
Sample attachments:
Court_Notice_Latham_and_Watkins__NY07550.zip
Court_Notice_Jones_Day_Wa#6152.zip
Court_Notice_Los_Angeles_No0216.zip
Update 3: [8/1/2014] another slight variation of this has gone out in the past day or so..
Date: Mon, 06 Jan 2014 18:12:16 -0400 [01/06/14 17:12:16 EST]
From: Court attendance notification [help151@perkinscoie.com]
Subject: Court attendance notification #No597
Pretrial notice,
Hereby we inform that you are obliged to come as a defendant
to The Court of Louisiana in February 23, 2014 at 10:30 a.m.
for the hearing of your case of illegal software use.
If necessary you have a right to obtain a lawyer for your protection.
You are kindly asked to have an identity document with you.
Personal appearance is compulsory.
Please find the plaint note with more detailed case information
attached to this letter and study it thoroughly.
Court clerk,
Donna Tailor
============================
Date: Tue, 07 Jan 2014 10:56:43 -0500 [01/07/14 10:56:43 EST]
From: Pretrial Notice [notice_support.6@alston.com]
Subject: Judicial summons No8365
Pretrial notice,
Hereby we inform that you are obliged to come as a defendant
to The Court of Atlanta in February 19, 2014 at 10:00 a.m.
for the hearing of your case of illegal software use.
If necessary you have a right to obtain a lawyer for your protection.
You are kindly asked to have an identity document with you.
Personal appearance is compulsory.
Please find the plaint note with more detailed case information
attached to this letter and study it thoroughly.
Court clerk,
Karen Mason
============================
Date: Tue, 07 Jan 2014 A.D. 18:33:05 -0400 [01/07/14 17:33:05 EST]
From: Pretrial Notice [support.3@alston.com]
Subject: Judicial summons No3877
Pretrial notice,
Hereby we inform that you are obliged to come as a defendant
to The Court of Atlanta in February 20, 2014 at 10:00 a.m.
for the hearing of your case of illegal software use.
If necessary you have a right to obtain a lawyer for your protection.
You are kindly asked to have an identity document with you.
Personal appearance is compulsory.
Please find the plaint note with more detailed case information
attached to this letter and study it thoroughly.
Court clerk,
Mary Smith
============================
Date: Wed, 08 Jan 2014 02:54:03 -0500 [02:54:03 EST]
From: Pretrial Notice [notice_support.8@alston.com]
Subject: Notice of appearance in court No96162
Pretrial notice,
Hereby we inform that you are obliged to come as a defendant
to The Court of Atlanta in February 12, 2014 at 09:00 a.m.
for the hearing of your case of illegal software use.
If necessary you have a right to obtain a lawyer for your protection.
You are kindly asked to have an identity document with you.
Personal appearance is compulsory.
Please find the plaint note with more detailed case information
attached to this letter and study it thoroughly.
Court clerk,
Alison Tailor
Sample attachment names:
Plaint_Note_Document_06_01#0478.zip
Plaint Note_06_01_2014_No2964.zip
Plaint_Note_Document_06_01#1619.zip
Plaint_Note_Document_06_01#6017.zip
This malware is detected by 28/48 scanners at VirusTotal, but the Malwr analysis of what it does seems pretty inconclusive.