Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Malware being distributed pretending to be from AU Fedcourts - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Malware being distributed pretending to be from AU Fedcourts

Earlier today people have started reporting that they have received a subpoena email from the Australian Federal courts.

The email links through to a various compromised sites which redirect the user to a web server.  Once on the web server you are expected to enter a number and the captcha shown before a case.js file is downloaded.   

The case.js file is being looked at at the moment and the diary will be updated with any findings.  In the mean time feel free to block the domain in your web proxies. This is not a legitimate domain. 

The federal circuit court has issued a media release -->

​If you receive one of these emails feel free to contact us via the contact form and if you can provide the headers of the email and the URL being used for the link that would be appreciated. 


Mark H - Shearwater



392 Posts
ISC Handler
Jul 8th 2016

Sign Up for Free or Log In to start participating in the conversation!