Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Malware being distributed pretending to be from AU Fedcourts - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Malware being distributed pretending to be from AU Fedcourts

Earlier today people have started reporting that they have received a subpoena email from the Australian Federal courts.

The email links through to a various compromised sites which redirect the user to a federalcircuitcourt.net web server.  Once on the web server you are expected to enter a number and the captcha shown before a case.js file is downloaded.   

The case.js file is being looked at at the moment and the diary will be updated with any findings.  In the mean time feel free to block the domain federalcircuitcourt.net in your web proxies. This is not a legitimate domain. 

The federal circuit court has issued a media release -->  http://www.federalcircuitcourt.gov.au/wps/wcm/connect/fccweb/about/news/mr080716

​If you receive one of these emails feel free to contact us via the contact form and if you can provide the headers of the email and the URL being used for the link that would be appreciated. 

Regards

Mark H - Shearwater

 

Mark

382 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!