TechSpot

Be Advised: email spam circulating with social engineering

By jobeard
Dec 30, 2013
Post New Reply
  1. Subject is: Notice to appear in court NR#6782
    From: Notice to Appear

    Avast! is finding this, inserting ***VIRUS*** in the subject line and deleting the attachment.

    The true origin is
    From: "Notice to Appear" <ticket_165@jonesday.com> Fictitcious of course
    Return-Path: <ticket_165@jonesday.com>
    Received: from [208.180.99.40] ([208.180.99.40:52373] helo=jonesday.com)
    the payload is
    X-Attachment: Court_Notice_Jones_Day_Wa#4536.zip#777829943|>Court_Notice_Jones_Day_Wa.exe

    The body reads:
    Notice to Appear,

    Hereby you are notified that you have been scheduled to appear for
    your hearing that
    will take place in the court of Washington in January 9, 2014 at 10:00
    am.

    Please bring all documents and witnesses relating to this case with
    you to Court on your hearing date.

    The copy of the court notice is attached to this letter.
    Please, read it thoroughly.

    Note: If you do not attend the hearing the judge may hear the case in
    your absence.

    Yours truly,
    Karen Smith
    Clerk to the Court.


    So how did I read this all w/o being infected?
    1) Avast! atripped the payload and
    2) performing Save AS directly from the Thunderbird inbox allows you to use
    OPEN WITH and getting to NOTEPAD to view the junk without executing and code
    (even if the payload were still present).
  2. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,531   +301

    Gmail won't allow exe's to be sent, so should be immune if your email is through gmail.
  3. captaincranky

    captaincranky TechSpot Addict Posts: 10,676   +879

    How about if you're certain you're not in trouble of any sort, and you know where all the red light cameras are in your area? Would you still click on this?

    This is a social engineering exploit, is it not?

    (Thanks for the head's up though Jobeard, I'm not knocking that).:)
  4. Craig Herberg

    Craig Herberg TS Rookie

    Indeed, this is an old tried-but-true social engineering ploy. First of all, if it were legitimate, there would be contact info in the email body, so you could call with questions. Second, an attachment that is a .zip or .exe is most certainly not a document! Indeed, it is unfortunate that unsuspecting folks still fall for this ruse.
  5. cannotspot

    cannotspot TS Rookie

    What if you did open the email? Will there be a virus on my computer? And if so how do I get rid fo it :S
  6. Ranger12

    Ranger12 TS Guru Posts: 636   +117

    Did you open the attachment?
  7. Craig Herberg

    Craig Herberg TS Rookie

    Probably so. I would start by doing a system restore to a day before the unfortunate incident, then clean up with Malwarebytes and/or SuperAntiSpyware. Also, remove any unknown plugins from your browsers. Virus removal can be tricky.
  8. mailpup

    mailpup TS Special Forces Posts: 8,432   +218

    Cannotspot, virus removal questions are reserved for the Virus and Malware Removal forum. If you believe you have a virus, please post your problem there.
    learninmypc likes this.
  9. learninmypc

    learninmypc TS Evangelist Posts: 5,230   +232

    I'd never consider doing a system restore, it could make matters worse.
    I'd go to the virus/Malware part in here to get it removed as is mentioned.
  10. Cobalt006

    Cobalt006 TS Maniac Posts: 1,817   +179

    Doing a system restore. Will not hurt things . If you no the point you got infected. If you don't know.Then by all means. Don't do a System restore.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.