D
DelJo63
Subject is: Notice to appear in court NR#6782
From: Notice to Appear
Avast! is finding this, inserting ***VIRUS*** in the subject line and deleting the attachment.
The true origin is
The body reads:
From: Notice to Appear
Avast! is finding this, inserting ***VIRUS*** in the subject line and deleting the attachment.
The true origin is
From: "Notice to Appear" <ticket_165@jonesday.com> Fictitcious of course
Return-Path: <ticket_165@jonesday.com>
Received: from [208.180.99.40] ([208.180.99.40:52373] helo=jonesday.com)
the payload isReturn-Path: <ticket_165@jonesday.com>
Received: from [208.180.99.40] ([208.180.99.40:52373] helo=jonesday.com)
X-Attachment: Court_Notice_Jones_Day_Wa#4536.zip#777829943|>Court_Notice_Jones_Day_Wa.exe
The body reads:
Notice to Appear,
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 9, 2014 at 10:00
am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Karen Smith
Clerk to the Court.
So how did I read this all w/o being infected?
1) Avast! atripped the payload and
2) performing Save AS directly from the Thunderbird inbox allows you to use
OPEN WITH and getting to NOTEPAD to view the junk without executing and code
(even if the payload were still present).
Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 9, 2014 at 10:00
am.
Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.
The copy of the court notice is attached to this letter.
Please, read it thoroughly.
Note: If you do not attend the hearing the judge may hear the case in
your absence.
Yours truly,
Karen Smith
Clerk to the Court.
So how did I read this all w/o being infected?
1) Avast! atripped the payload and
2) performing Save AS directly from the Thunderbird inbox allows you to use
OPEN WITH and getting to NOTEPAD to view the junk without executing and code
(even if the payload were still present).