Notice to Appear in Court (Scam/Malware)


(Thanks to Techsrus for the image)

My cubicle neighbor (at the job we just both got laid off from yesterday, but that’s another story) showed me a couple of emails he had gotten in his Gmail account – each sported the header “Notice to Appear in Court.”  I told him they were probably scam threat letters and hoping to extort money.

I got one myself today, and decided to explore it a little further.


From: “Notice to Appear in Court” <>
To: <redacted>

Subject: Notice to appear in court SN8157

Notice to appear in court,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Detroit in April 03, 2014 at 11:30 am.You are kindly asked to prepare and bring the documents relating to the case to court on the specified date.The copy of the court notice is attached to this letter. Please, read it thoroughly.
Note: The case may be heard by the judge in your absence if you do not come.Yours very truly,
Clerk of court
Attached was a file called “”
Unpack this zip folder and you find a file called “Court Notice.exe”. That file lasted less than one second on my desktop, as Microsoft Security Essentials immediately quarantined it. The .exe file contained a Trojan Downloader named Win32/Kuluoz.D, which Microsoft describes as follows:
Win32/Kuluoz is a trojan that tries to steal passwords that are stored in certain applications and sensitive files from your PC. This trojan could also download other malware to your PC, like other variants of Win32/Kuluoz and Win32/Sirefef, and variants of rogue security software likeWin32/FakeSysdef and Win32/Winwebsec. This threat tries to hack your email accounts and file transfer programs.
In other words, really nasty stuff.
This is a perfect example of why you should do the following things on your computer to practice safe computing:

1. Always display file extensions. This option is turned off by default by Microsoft on its newer operating systems, which in my opinion is a dangerous and foolhardy idea. This means that instead of seeing “” and “Court Notice.exe”, you would only see “Notice_to_Appear_TY4769” and “Court Notice.” To fix this, follow the procedure below for your operating system:

To show or hide file name extensions (Windows 7)

  1. Open Folder Options by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

  2. Click the View tab, and then, under Advanced settings, do one of the following:

    • To show file name extensions, clear the Hide extensions for known file types check box, and then click OK.

    • To hide file name extensions, select the Hide extensions for known file types check box, and then click OK.


To show or hide file name extensions (Windows 8)

  • Open Windows Explorer and go to “View” and then click the Options button > Change folder and search options
  • Scroll to “Hide extensions for file types is known”
  • Uncheck it and click OK.

To show or hide file name extensions (Windows XP)

  • Double Click on My Computer.
  • Click on Tools > Folder Options… in the menus.
  • Click on the View tab.
  • Remove the check from Hide extensions for known file types.
  • Click the OK button.

2) Make sure you have robust malware detection software installed. AVG Free, Microsoft Security Essentials, and Kaspersky are all good options. The first two are free, the third reasonably priced and somewhat more robust than the other two.

3) ☞ NEVER ☜ open attachments from unknown senders, especially a file that contains “.exe” anywhere in its name.

(Did I make that emphatic enough? I’d make it blink if I could.)

A lot of folks are savvy enough to spot this as a scam in an instant, but this particular email is official-looking enough to scare a lot of vulnerable computer users; the scammers don’t care if you actually appear anywhere – they just want you to open that never-to-be-sufficiently-damned attachment. If you are technically savvy and you have loved ones, either elderly or otherwise vulnerable, watch out for them. Educate them. You don’t want them becoming victims of scams or nefarious behavior like botnets.

This has been an Old Wolf public service announcement.

9 responses to “Notice to Appear in Court (Scam/Malware)

  1. Apparently Microsoft’s “newer operating systems” is a term sufficiently broad to span at least two decades. The less-than-intelligent approach of hiding file extensions started, to my knowledge, with the very first pre-alpha garage workshop version of Windows 95, and has been one of my major security concerns since 1996 when I got my first Windows computer. “You can easily tell the different file type apart by their icons,” they said. “Icons schmikons my firmly seated posterior,” said I, and pointed out the simplicity of writing a malicious program, name it “ReadMe.txt.exe” and equipping it with the default Notepad file icon. “Truly an exaggerated worry,” they replied, “for anyone with half a brain would realize that if you see a ‘.txt’ extension on a file on a system that hides extentions by default, it has to be fishy in nature.”

    I take “half a brain” to mean “more than that of any given Microsoft executive.” Fake file extensions was one of the most successful and effortless means of spreading malware in the late twentieth and early twenty-first century, and the technique is still in use today. The average Windows user simply does not possess the insight required to outwit malware programmers when living at the mercy of a system whose security foundation has been compromised by its very makers.

  2. Thanks!

    I’ve received numerous variations of these emails in the 12 months. Originally the grammar was so bad it was easy to toss as spam, then some of the sender email accounts were so bogus it was again… a “No Brainer”, but lately they have started using somewhat Local Court Names and cleaned up the rest.

    My challenge is I’ve been fighting a Civil battle with the City of San Diego for over two years, in the process the City in one instance filed a “Proof of personal service” for a hearing when I was actually 850 miles away – thankfully today’s technology of tracking credit card transactions coupled with seemingly unlimited Security Surveillance it was easy to prove I wasn’t served, but what did the City get for their fraudulent proof of service? Nothing! I just got a new trial date! So I’m paranoid about “Missing” a notice and suffering more surprise consequences!

    All too often I enjoy the benefit of good information people like you were willing to take the time to post, but feel myself and many others probably don’t pause to say “Thanks”!! I’m sure a $100 would be more appreciated but alas a heartfelt “Thank You” is the best I can do now – I do appreciate it!

    • And that, good sir, is all the gratification I could hope for. Sometimes it feels a bit redundant posting these, but every time someone writes and says that they were warned off by one of my postings, it makes it all worthwhile. Thanks so much for your kind words, and good luck with San Diego.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s