“ADP Generated Message: Digital Certificate Expiration” malware via e-mail

I just received an e-mail with the subject ADP Generated Message: Digital Certificate Expiration and the following headers:

Return-Path: 
Delivered-To: x
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
	by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
	for ; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
	HTML_MESSAGE=0.001, MY_DSL=0.85, RCVD_IN_BRBL_LASTEXT=1.449,
	RCVD_IN_PBL=3.335, RCVD_IN_SORBS=1, RCVD_IN_SORBS_WEB=0.77,
	SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [188.47.238.105])
	by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
	for ; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
	(envelope-from )
	id J9Z8K6-SEU8RG-TE
	for ; Fri, 14 Sep 2012 13:27:30 +0100
To: 
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for 188.47.238.105
From: "ADP_FSA_Services@ADP.com" 
X-Sender: "ADP_FSA_Services@ADP.com" 
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------08020700707010609010103"
Message-Id: 
Date: Fri, 14 Sep 2012 13:27:30 +0100

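As an added example (not part of the original post), a small Python triage that applies the checks these headers invite: the domain the From header claims versus the host the local MX actually received the message from, the X-PHP-Script header that marks it as web-script generated, and the SPF_FAIL test in X-Spam-Status. The sample headers are constructed from the ones quoted above; the function names are my own.

```python
import re
from email import message_from_string

# Constructed sample: the headers from the message quoted above, reduced to
# the fields the checks below use (the blank address fields stay blank).
RAW = (
    "Received: from centertel.pl (public93801.xdsl.centertel.pl [188.47.238.105])\n"
    "\tby net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073\n"
    "\tfor ; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)\n"
    "Received: from apache by adp.com with local (Exim 4.67)\n"
    "\tid J9Z8K6-SEU8RG-TE\n"
    "\tfor ; Fri, 14 Sep 2012 13:27:30 +0100\n"
    "Subject: ADP Generated Message: Digital Certificate Expiration\n"
    "X-PHP-Script: adp.com/sendmail.php for 188.47.238.105\n"
    'From: "ADP_FSA_Services@ADP.com"\n'
    "X-Mailer: PHP\n"
    "X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,\n"
    "\tSPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no\n"
    "\n"
)

# "from <helo> (<reverse DNS> [<ip>])" as Postfix writes it
RECEIVED_RE = re.compile(r"from (\S+) \((\S+) \[([^\]]+)\]\)")

def unfold(value):
    """Collapse RFC 5322 header folding into a single line."""
    return re.sub(r"\s+", " ", value or "").strip()

def triage(raw):
    """Return (claimed_domain, handoff, findings) for a raw message."""
    msg = message_from_string(raw)
    findings = []
    m = re.search(r"[\w.+-]+@([\w.-]+)", unfold(msg.get("From")))
    claimed = m.group(1).lower() if m else None
    # The topmost Received line was written by our own MX, so it is the
    # only hop we can trust: it records who really handed us the message.
    hops = [unfold(h) for h in msg.get_all("Received", [])]
    handoff = None
    m = RECEIVED_RE.search(hops[0]) if hops else None
    if m:
        helo, rdns, ip = m.groups()
        handoff = {"helo": helo, "rdns": rdns, "ip": ip}
        if claimed and not rdns.lower().endswith("." + claimed):
            findings.append(f"From claims {claimed} but MX got it from {rdns}")
    script = unfold(msg.get("X-PHP-Script"))
    if script:
        findings.append(f"generated by a web script: {script}")
        if handoff and handoff["ip"] in script:
            findings.append("X-PHP-Script client IP equals the handing-off host")
    if "SPF_FAIL" in unfold(msg.get("X-Spam-Status")):
        findings.append("SPF check failed for the claimed sender domain")
    return claimed, handoff, findings
```

Run `triage(RAW)` to see the four findings for this message; a message whose first Received host lies under the From domain and carries no script or SPF markers returns an empty list.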
Only four (4) of the twenty (20) virus scanners at Jotti recognized the attachment as a virus:

  • Bitdefender: Gen:Variant.Graftor.42564
  • ClamAv: PUA.Win32.Packer.MingwGcc-2
  • Esset: Win32/Injector.WMK
  • Gdata: Gen:Variant.Graftor.42564

Scan result

You can find the result of Jotti's malware scan here:
http://virusscan.jotti.org/nl/scanresult/d3e4bd19ecac8e193f9b73f2fe78ef9d034a55fd

Apparently these e-mails have been going around since 9 July 2012:
http://news.softpedia.com/news/ADP-Digital-Certificate-Expiration-Emails-Point-to-Malware-Hosted-on-Hijacked-Sites-280153.shtml

Always be careful when opening attachments!

About The Author
My name is Jan Reilink. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing his daily thing at Vevida Services in the Netherlands. With over 10 years of experience, my specialties include Windows Server (2003, 2008 and 2012), Windows 7, IIS (6.0, 7.5 and 8.0), Linux (CentOS, Debian), PHP, websites, optimization and security.
Copyright © 2007-2014 Saotn.org . Design by OrangeIdea