Top Law Firms Spoofed in Malware Spam Email Campaign

Over the past week we've received a massive amount of virus-infected spam, ostensibly from the prestigious law firm Latham & Watkins. With the subject "Urgent court notice" comes a zip file, such as the one named or using the Jones Day name. It apparently contains an executable file that is assumed to be malicious. While any attorney or legal professional would easily conclude that the court notice is not genuine, it has probably fooled a number of laypersons who may be appearing for a court date this month.

E-mail spoofing is also known as forging e-mail headers. A spoofed email message appears to have originated from someone other than the actual sender. Its purpose is to gain the trust of the recipient and lead them to perform an action, such as opening a file that will install malware or a virus on their computer.

The zip file attachment for this Court Notice spam typically uses the name of a law firm (Latham & Watkins as well as Jones Day). It apparently contains some type of malware or trojan. The body of the email appears as follows:

Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 14 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Jackson Allen
Clerk to the Court.

Looking in the header, the IP address associated with the email is located in Denver, Colorado and has been identified as a significant source of spam by most of the major Realtime Blackhole Lists, such as Spamhaus and SpamCop. It would appear that the email does not originate from a compromised server at the law firm, despite the domain name appearing several times in the header.

Return-path: <>
Envelope-to: ***********
Delivery-date: Tue, 24 Dec 2013 08:28:32 -0500
Received: from ([]:53185
by server.********.net with smtp (Exim 4.82)
(envelope-from <>)
id 1VvS2C-0007gk-57
for *******; Tue, 24 Dec 2013 08:28:32 -0500
Message-ID: <002f01cf00abf823f8756a01a8c0@THEBODYSHOP-HP>
From: "Notice to Appear" <>
To: <**********>
Subject: Notice of appearance in court No#4394
Date: Tue, 24 Dec 2013 06:28:01 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: XimianEvolution1.4.6
X-MimeOLE: Produced By XimianEvolution1.4.6
X-Antivirus: avast! (VPS 131224-0, 12/24/2013), Inbound message
X-Antivirus-Status: Clean

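The header checks described above can be scripted for triage. The following Python sketch is an added example, not part of the original article: it pulls the connecting IP from the topmost Received line, builds the blocklist lookup names for it, and flags header values that do not fit the claimed sender. The address 192.0.2.45 and the *.example hostnames are constructed placeholders for values elided in the header shown; zen.spamhaus.org and bl.spamcop.net are the public DNS zones of the two lists named.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: values elided on the page are replaced with reserved
# placeholders (192.0.2.45, *.example); the other headers mirror the page.
SAMPLE = """\
Return-path: <notice@lawfirm.example>
Received: from mail.lawfirm.example ([192.0.2.45]:53185)
\tby server.recipient.example with smtp (Exim 4.82)
\tid 1VvS2C-0007gk-57; Tue, 24 Dec 2013 08:28:32 -0500
Message-ID: <002f01cf00abf823f8756a01a8c0@THEBODYSHOP-HP>
From: "Notice to Appear" <notice@lawfirm.example>
Subject: Notice of appearance in court No#4394
X-Mailer: XimianEvolution1.4.6
X-MimeOLE: Produced By XimianEvolution1.4.6

Notice of appearance,
"""

DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

def triage(raw):
    """Return the peer IP, its DNSBL lookup names and header inconsistencies."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    findings = []
    # The topmost Received header was written by the receiving server, so the
    # bracketed peer IP is reliable; the hostname in front of it is claimed
    # by the sender and is not.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    ip = m.group(1) if m else None
    # A DNSBL is queried by reversing the octets and appending the zone.
    # Resolving these names is the actual listing check; it is left out
    # here so the example runs offline.
    rev = ".".join(reversed(ip.split("."))) if ip else ""
    queries = [f"{rev}.{zone}" for zone in DNSBL_ZONES] if ip else []
    # The Message-ID host is set by the sending machine, not the From domain.
    mid_host = (msg["Message-ID"] or "").strip("<>").rpartition("@")[2].lower()
    if mid_host and not mid_host.endswith(from_domain):
        findings.append(f"Message-ID host {mid_host!r} is not under {from_domain!r}")
    # X-MimeOLE is normally written by Microsoft mail software, so seeing it
    # next to an Evolution X-Mailer suggests a templated, forged header set.
    if msg["X-MimeOLE"] and "Evolution" in (msg["X-Mailer"] or ""):
        findings.append("X-MimeOLE present alongside an Evolution X-Mailer")
    return {"peer_ip": ip, "dnsbl_queries": queries, "findings": findings}
```
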
Other variants of this message include this short form:
Notice of appearance,
Hereby you are informed that you are due in the court of New York on the 15 of January, 2014 at 10:00 am for the hearing of your case. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Yours truly,
Taylor Murphy
Clerk to the Court.

Names of the clerks range from stock American names to those associated with hairdressers:
  • Jackson Phillips
  • Miller Morris
  • Johnson Lewis
  • Taylor Murphy
  • Martin Parker
  • Clark Perez
  • Abigail Smith
  • Margaret Tailor
  • Mary Smith
  • Emma Tailor
  • Lily Tailor
  • Linda Mason
About author
Michael Wechsler
Michael is an experienced attorney licensed to practice law in New York and New Jersey state. He is founder of and is a faculty member of the City University of New York, Queens College lecturing on Blockchain & Money, The Economics of Cryptoassets. Michael's work history includes serving as A. Research Scholar at Columbia Business School, SVP of at IDT, Inc., legal consultant for electronic discovery and computer forensics at Kroll Ontrack, and Director of Legal and Business affairs at


