Phony Judicial Summons Leads to Malware Infection


Troy Gill

This past week we have been monitoring an elevated threat level from a known trojan downloader commonly referred to as 'Zortob'. The email messages use a somewhat clever, albeit slightly recycled, social engineering tactic: they pose as a court summons. The subject line reads “notice of judicial summons” or something similar, and the body carries a simple message: you are being ordered to appear in court. This is meant to trigger just enough panic in the recipient to open the attached payload. Cybercriminals rely heavily on this type of social engineering, and it is effective enough to trick an acceptable percentage of users into clicking the attachments.

Here is a look at one of the messages:

[Image: sample “judicial summons” email with the .zip attachment]

Clicking on the .exe inside the attached .zip results in the user being infected by the trojan downloader. This particular trojan (Zortob) serves to download other malware from the internet. In this instance, Zortob reaches out to the remote host 176.111.81.75, located in Ukraine, to pull down a fresh install of Zbot, aka the Zeus banking trojan:

[Image: IP geolocation lookup for 176.111.81.75]

The Zeus family of malware is renowned for stealing personal information such as passwords and login credentials through its key logging capabilities. We saw quite a bit of activity from this malware back in December of 2013, and for the past week this campaign has been propagating consistently. As usual, we are quarantining all variants of this threat, but remember to never click on attachments in unsolicited emails.
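The two signals the post describes (a summons-themed subject line with a .zip attachment that wraps an .exe, and a subsequent connection to 176.111.81.75) are the kind of thing a mail filter and a proxy log review can each catch on their own. The following script is an added example written for this page, not code from the original post or from the author's filtering product. It builds a constructed sample message in the shape of the lure, triages it the way a quarantine rule would (subject lure noted, zip-with-executable is the quarantine trigger), and then scans constructed proxy log lines for internal hosts that contacted the indicator quoted in the post. The key=value log format, the example.invalid addresses, the internal 10.x addresses and the list of executable extensions are all assumptions made for the example.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicator quoted in the post: the host Zortob contacted to fetch the Zeus payload.
ZORTOB_HOST = "176.111.81.75"

# Subject wording the post describes ("notice of judicial summons" or similar).
SUBJECT_PATTERN = re.compile(r"judicial\s+summons|court\s+summons|appear\s+in\s+court", re.I)

# Extensions that should never arrive inside an unsolicited zip (assumed list, not from the post).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_sample_message() -> bytes:
    """Constructed sample in the shape of the campaign: summons subject, zip wrapping an .exe.
    The member body is inert filler bytes, not a real program."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Court_Notice.exe", b"MZ" + b"\x00" * 62)  # placeholder content only
    msg = EmailMessage()
    msg["From"] = "clerk@example.invalid"  # constructed sender
    msg["To"] = "user@example.invalid"     # constructed recipient
    msg["Subject"] = "Notice of judicial summons"
    msg.set_content("You are ordered to appear in court. Details attached.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="Court_Notice.zip")
    return msg.as_bytes()


def executables_in_zip(data: bytes) -> list:
    """Names of executable-looking members inside a zip blob; [] if the blob is not a valid zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [name for name in zf.namelist() if name.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def triage_message(raw: bytes) -> dict:
    """Signals a mail filter would record for one message.
    The subject lure alone is only noted; an executable inside a zip triggers quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = msg.get("Subject", "")
    findings = {"subject_lure": bool(SUBJECT_PATTERN.search(subject)),
                "zip_with_executable": [], "quarantine": False}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check by extension or by zip local-header magic so a renamed .zip is not missed.
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            findings["zip_with_executable"].extend(executables_in_zip(payload))
    findings["quarantine"] = bool(findings["zip_with_executable"])
    return findings


# Constructed proxy log lines in an assumed key=value layout; 198.51.100.7 is a documentation address.
SAMPLE_PROXY_LOG = [
    "2014-01-08T09:12:44Z src=10.1.2.33 dst=198.51.100.7 dport=443 CONNECT",
    "2014-01-08T09:13:01Z src=10.1.2.57 dst=176.111.81.75 dport=80 GET /get.php",
    "2014-01-08T09:13:05Z src=10.1.2.57 dst=176.111.81.75 dport=80 GET /get.php",
]
PROXY_LOG_PATTERN = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def hosts_contacting_indicator(lines, indicator: str = ZORTOB_HOST) -> list:
    """Distinct internal source addresses seen connecting to the indicator, in first-seen order.
    Each such host should be treated as a likely Zortob infection and checked for Zbot."""
    hits = []
    for line in lines:
        m = PROXY_LOG_PATTERN.search(line)
        if m and m.group("dst") == indicator and m.group("src") not in hits:
            hits.append(m.group("src"))
    return hits


if __name__ == "__main__":
    print(triage_message(build_sample_message()))
    print(hosts_contacting_indicator(SAMPLE_PROXY_LOG))
```

Running the block reports the sample message as quarantined because of `Court_Notice.exe` inside the zip, and lists 10.1.2.57 as the one host that reached the indicator. Matching on the zip magic bytes as well as the file name is deliberate: the subject line is the lure and changes between waves, while the executable-in-archive pattern is what actually delivers the downloader.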