Subpoena in a Civil Case

The SANS ISC Diary has a good write-up of the "Subpoena in a Civil Case" malicious email. Wish I had seen that before investigating the copy our CEO received.
The message's sender address is [email protected], with a display From of "United States District Court". It says:

YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District Court at the place, date, and time specified below.

It has a link to download a document on the matter. The linked website prompts the visitor to install a malicious ActiveX control.
The malware we received doesn’t seem to be the same file the ISC is reporting.
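The lure described above combines three tells: a display name claiming a federal court on a From address that is not a court domain, the "YOU ARE HEREBY COMMANDED ... Grand Jury" wording, and a "download the document" link pointing at the attacker's site. The following is an added example (not code from the original post or from the ISC diary) that scores raw messages on those three tells. The two sample messages are constructed for illustration, their domains are placeholders, and the assumption that legitimate court mail comes from a `.uscourts.gov` / `.gov` host is mine.

```python
"""Heuristic triage for 'court subpoena' lure e-mails.

Added example, not part of the original post. Sample messages and domains
below are constructed; the 'legitimate court domain' list is an assumption.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List
from urllib.parse import urlparse

# Display-name claims the phisher borrows (per the lure in the post).
CLAIMED_COURT = re.compile(r"united states district court|u\.?s\.? district court", re.I)
# Assumption: genuine federal court mail and links come from these suffixes.
LEGIT_SUFFIXES = (".uscourts.gov", ".gov")
# Phrases quoted in the post's copy of the message.
LURE_PHRASES = ("YOU ARE HEREBY COMMANDED", "GRAND JURY")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample: the lure as described in the post (placeholder domains).
SAMPLE_PHISH = """\
From: "United States District Court" <subpoena@court-notice.example>
To: ceo@corp.example
Subject: Subpoena in a Civil Case

YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the
United States District Court at the place, date, and time specified below.

Download the document on the matter: http://court-notice.example/case/docs
"""

# Constructed sample: routine court mail that should not trip the checks.
SAMPLE_BENIGN = """\
From: "Clerk of Court" <clerk@cand.uscourts.gov>
To: counsel@corp.example
Subject: Filing receipt

Your filing has been received. View the docket at https://ecf.cand.uscourts.gov/
"""


def _domain_of(addr: str) -> str:
    """Domain part of an RFC 5322 address, lower-cased ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_legit_host(host: str) -> bool:
    """True if host equals or is a subdomain of an assumed-legitimate suffix."""
    host = host.lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in LEGIT_SUFFIXES)


def _text_of(msg) -> str:
    """Concatenate all text/* parts, decoded with each part's charset."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        if payload is not None:
            parts.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(parts)


def analyze(raw: str) -> List[str]:
    """Return human-readable findings for a raw message; empty means clean."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []

    # Tell 1: claims to be a federal court but is sent from elsewhere.
    sender_domain = _domain_of(addr)
    if CLAIMED_COURT.search(display) and not _is_legit_host(sender_domain):
        findings.append(f"display name '{display}' but sender domain '{sender_domain}'")

    # Tell 2: the subpoena / grand-jury wording from the lure.
    text = _text_of(msg)
    upper = text.upper()
    hits = [p for p in LURE_PHRASES if p in upper]
    if hits:
        findings.append("lure phrases: " + ", ".join(hits))

    # Tell 3: the 'download the document' link points off court infrastructure.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not _is_legit_host(host):
            findings.append(f"document link points off-court host: {host}")
    return findings


def is_lure(raw: str) -> bool:
    """Heuristic verdict: two or more tells (threshold is an assumption)."""
    return len(analyze(raw)) >= 2


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, is_lure(sample), analyze(sample))
```

The display-name check is the one worth keeping in a mail filter: the lure text and link host change between campaigns, but a sender that names a court while mailing from a non-court domain is a stable indicator.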


  1. Does anyone know what virus is released by the link in this e-mail? One of my users clicked on it and it makes IE crash on https pages. McAfee VirusScan seems not to find anything after running a full scan. Someone let me know what virus it is if you know…

  2. When I ran my sample through VirusTotal, and from what I remember looking at the links in the SANS diary entry, most of the detections were heuristic. The only virus name I saw was Trojan-Downloader.Win32.DlRhifrem.A.
    Virus cleaning has changed. Most of the time, you aren't going to get virus XYZ and find easy-to-follow instructions on cleaning, or better yet a cleaning tool like the AVERT Stinger. With the hundreds of thousands of variants that are out there, it's impossible to treat every variant as a major event.
    Most people would tell you that to be absolutely sure a computer is clean you must reload it. I must admit I still have a tendency to try to clean it by hand. If I'm not called upon too often, it can be entertaining.
    I generally use Sysinternals tools to clean manually. HijackThis may still be useful. Then wrap things up with a full system scan using a free online scan from a trustworthy vendor.
