The judicial summons you've gotten via email is likely malicious

Researchers at AppRiver have been tracking an uptick in the number of emails containing the Zortob Trojan. The surge seems to be focused on an old scam, which warns the victim that they’ve been ordered to appear in court.

The emails represent a classic phishing / social engineering ploy: frighten the potential victim with severe consequences if they don’t do what’s asked of them.

In this case, seeing a random notice to appear in court, which implies severe consequences if the person fails to show up, will entice people to open the attached summons in order to figure out what’s going on.

In this instance, the attachment is malicious. If the attached ZIP file is opened, the executable inside is a variant of Zortob, a Trojan that exposes the infected host to additional malware; in many cases it is used to infect the victim with the Zeus Trojan. Zeus is arguably one of the world’s best-known malware families, as it’s been used to steal banking information and personal information, create botnets, and propagate itself via spam campaigns.

The court notification scam isn’t new. In December of 2013, leading into the first part of this year, criminals used this same trick to spread malware. Those behind the campaign reached such a wide number of potential victims that many US courts had to issue notifications to the public. The following was taken from an AOUSC notice issued earlier this year.

“According to the Security Operations Center of the Administrative Office of the U.S. Courts, the emails are instructing recipients to report to a hearing on a specified day and time. The emails also instruct recipients to review an attached document for detailed case information… Several state courts have reported similar schemes, and also are warning the public about potential viruses.”

AppRiver advises that notices such as these be deleted and dismissed.
Moreover, the age-old rule of avoiding attachments that arrive unexpectedly also applies in this case.