“ADP Generated Message: Digital Certificate Expiration” malware via e-mail

I just received an e-mail with the subject ADP Generated Message: Digital Certificate Expiration and the following headers:

Delivered-To: x
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
	by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
	for ; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
	SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [])
	by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
	for ; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
	(envelope-from )
	id J9Z8K6-SEU8RG-TE
	for ; Fri, 14 Sep 2012 13:27:30 +0100
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for
From: "ADP_FSA_Services@ADP.com" 
X-Sender: "ADP_FSA_Services@ADP.com" 
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
Date: Fri, 14 Sep 2012 13:27:30 +0100
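As an added example (not code from the original post), here is a small Python check that reads these headers the way a mail admin would: the domain in From: is compared with the host that actually connected to our own relays, and the spam filter's SPF verdict is pulled out of X-Spam-Status. The trusted relay suffix vevida.net and the abridged, constructed header sample are assumptions.

```python
import email
import re

# Constructed sample: the Received/X-Spam-Status/From/X-Mailer headers from the
# message quoted above (the blank recipient addresses are dropped here).
SAMPLE = """\
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
    by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
    SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [])
    by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
Received: from apache by adp.com with local (Exim 4.67)
    id J9Z8K6-SEU8RG-TE
From: "ADP_FSA_Services@ADP.com"
X-Mailer: PHP

"""

def unfold(value):
    # Join the folded continuation lines of one header into a single string.
    return re.sub(r"\s*\n\s*", " ", value).strip()

def analyse(raw, trusted_suffix):
    """Compare the From: domain with the host that really connected to us.
    Received headers are walked newest-first; the last hop written by one of
    our relays (trusted_suffix) shows the real peer, lower hops are sender-asserted."""
    msg = email.message_from_string(raw)
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    claimed = m.group(1).lower() if m else None
    peer = None
    for hop in msg.get_all("Received", []):
        hop = unfold(hop)
        by = re.search(r"\bby (\S+)", hop)
        frm = re.search(r"\bfrom (\S+)(?: \(([\w.-]+))?", hop)
        if not (by and frm and by.group(1).endswith(trusted_suffix)):
            break
        peer = (frm.group(2) or frm.group(1)).lower()  # prefer the rDNS name
    status = unfold(msg.get("X-Spam-Status", ""))
    score = re.search(r"score=([\d.]+)", status)
    tests = re.findall(r"\b([A-Z][A-Z0-9_]*)=", status)
    return {
        "claimed_domain": claimed,
        "connecting_host": peer,
        "spam_score": float(score.group(1)) if score else None,
        "spf_fail": "SPF_FAIL" in tests,
        "php_mailer": msg.get("X-Mailer", "").strip().upper() == "PHP",
        "spoofed": bool(claimed and peer and not peer.endswith(claimed)),
    }
```

For this message the check reports the From: domain adp.com against a connecting host in centertel.pl, an SPF failure and a PHP mailer, which is exactly the mismatch the headers above show.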

Only four (4) of the twenty (20) virus scanners at Jotti recognised the attachment as a virus:

  • Bitdefender: Gen:Variant.Graftor.42564
  • ClamAV: PUA.Win32.Packer.MingwGcc-2
  • ESET: Win32/Injector.WMK
  • G Data: Gen:Variant.Graftor.42564

Scan result

You can find the result of Jotti's malware scan here:

Apparently these e-mails have been circulating since 9 July 2012:

Always be careful when opening attachments!


Jan Reilink

