• The spam emails, purporting to come from a law firm, tells victims that they are being sued.
• A phishing kit reported to be a part of the campaign showed that the targets were primarily Canadian businesses.

Recently, a unique spam campaign has been uncovered by security researchers, where victims are confronted with fake legal threats. It is believed to have been active since last week. In this campaign, spam emails claim to come from law firms and warn gullible victims that they are sued for fictitious legal issues. The poorly-written emails which contain a malicious Word attachment, also instruct victims to respond to the issue within seven days.

Key highlights

• A phishing kit associated with this campaign was found to have five malicious Word documents.
• The documents contained a trojan which is used to drop additional malware into affected systems. Most antivirus software products failed to identify these documents.
• In addition, a text document found in the kit had over 100,000 business email addresses, with most of them having .ca (Canada) domains. Organizations in the northeastern US were also speculated to be some of the targets.

Campaign leverages domain spoofing

Threat actors behind the campaign spoofed domains of certain law firms. KrebsOnSecurity reported an instance where a law firm’s website was spoofed.

“The law firm domain spoofed in this scam — wpslaw.com — now redirects to the Web site for RWC LLC, a legitimate firm based in Connecticut. A woman who answered the phone at RWC said someone had recently called to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter,” KrebsonSecurity reported.