Be Advised: email spam circulating with social engineering

[DelJo63]

Subject is: Notice to appear in court NR#6782
From: Notice to Appear

Avast! is finding this, inserting ***VIRUS*** in the subject line and deleting the attachment.

The true origin is

From: "Notice to Appear" <ticket_165@jonesday.com> Fictitcious of course
Return-Path: <ticket_165@jonesday.com>
Received: from [208.180.99.40] ([208.180.99.40:52373] helo=jonesday.com)​

the payload is

X-Attachment: Court_Notice_Jones_Day_Wa#4536.zip#777829943|>Court_Notice_Jones_Day_Wa.exe​

The body reads:

Notice to Appear,

Hereby you are notified that you have been scheduled to appear for
your hearing that
will take place in the court of Washington in January 9, 2014 at 10:00
am.

Please bring all documents and witnesses relating to this case with
you to Court on your hearing date.

The copy of the court notice is attached to this letter.
Please, read it thoroughly.

Note: If you do not attend the hearing the judge may hear the case in
your absence.

Yours truly,
Karen Smith
Clerk to the Court.

So how did I read this all w/o being infected?
1) Avast! atripped the payload and
2) performing Save AS directly from the Thunderbird inbox allows you to use
OPEN WITH and getting to NOTEPAD to view the junk without executing and code
(even if the payload were still present).
​

 

[SNGX1275]

Gmail won't allow exe's to be sent, so should be immune if your email is through gmail.

 

[captaincranky]

How about if you're certain you're not in trouble of any sort, and you know where all the red light cameras are in your area? Would you still click on this?

This is a social engineering exploit, is it not?

(Thanks for the head's up though Jobeard, I'm not knocking that).

 

[Craig Herberg]

Indeed, this is an old tried-but-true social engineering ploy. First of all, if it were legitimate, there would be contact info in the email body, so you could call with questions. Second, an attachment that is a .zip or .exe is most certainly not a document! Indeed, it is unfortunate that unsuspecting folks still fall for this ruse.

 

[cannotspot]

What if you did open the email? Will there be a virus on my computer? And if so how do I get rid fo it :S

 

[Ranger12]

What if you did open the email? Will there be a virus on my computer? And if so how do I get rid fo it :S

Did you open the attachment?

 

[Craig Herberg]

What if you did open the email? Will there be a virus on my computer? And if so how do I get rid fo it :S

Probably so. I would start by doing a system restore to a day before the unfortunate incident, then clean up with Malwarebytes and/or SuperAntiSpyware. Also, remove any unknown plugins from your browsers. Virus removal can be tricky.

 

[mailpup]

Cannotspot, virus removal questions are reserved for the Virus and Malware Removal forum. If you believe you have a virus, please post your problem there.

 

[learninmypc]

Probably so. I would start by doing a system restore to a day before the unfortunate incident, then clean up with Malwarebytes and/or SuperAntiSpyware. Also, remove any unknown plugins from your browsers. Virus removal can be tricky.

I'd never consider doing a system restore, it could make matters worse.
I'd go to the virus/Malware part in here to get it removed as is mentioned.

 

[Cobalt006]

Doing a system restore. Will not hurt things . If you no the point you got infected. If you don't know.Then by all means. Don't do a System restore.