
“ADP Generated Message: Digital Certificate Expiration” malware via e-mail

I just received an e-mail with the subject ADP Generated Message: Digital Certificate Expiration and these accompanying headers:

Return-Path: <>
Delivered-To: x
Received: from ( [IPv6:2a00:f60::1:37])
	by (Postfix) with ESMTP id 6838F294259C
	for <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
	SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from ( [])
	by (Postfix) with ESMTP id A6D347F88073
	for <x>; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by with local (Exim 4.67)
	(envelope-from <>)
	id J9Z8K6-SEU8RG-TE
	for <x>; Fri, 14 Sep 2012 13:27:30 +0100
To: <x>
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: for
From: "" <>
X-Sender: "" <>
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
Message-Id: <>
Date: Fri, 14 Sep 2012 13:27:30 +0100
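
As an added example (not code from the original post), the following Python script triages a header block like the one above: it pulls the SpamAssassin score and test hits out of X-Spam-Status and lists the indicators a mail administrator would look at. The sample header block is constructed from the headers quoted above, with the redactions left in place.

```python
import re
from email import message_from_string

# Constructed sample: the redacted header block quoted in the post.
SAMPLE_HEADERS = """\
Return-Path: <>
Received: from ( [IPv6:2a00:f60::1:37])
\tby (Postfix) with ESMTP id 6838F294259C
\tfor <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
\tSPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from apache by with local (Exim 4.67)
\t(envelope-from <>)
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: for
From: "" <>
X-Mailer: PHP
X-Priority: 1
"""


def triage_headers(raw: str) -> dict:
    """Return spam score, SpamAssassin test hits and defender-relevant indicators."""
    msg = message_from_string(raw)
    # Unfold the header: continuation lines are joined with "\n\t" by the parser.
    status = re.sub(r"\s+", " ", msg.get("X-Spam-Status", ""))
    score = float(m.group(1)) if (m := re.search(r"score=([\d.]+)", status)) else 0.0
    required = float(m.group(1)) if (m := re.search(r"required=([\d.]+)", status)) else 0.0
    tests = {}
    if m := re.search(r"tests=\[(.*?)\]", status):
        for hit in filter(None, (h.strip() for h in m.group(1).split(","))):
            name, _, val = hit.partition("=")
            tests[name] = float(val) if val else 0.0
    indicators = []
    if score >= required > 0:
        indicators.append(f"spam score {score} exceeds threshold {required}")
    if "SPF_FAIL" in tests:
        indicators.append("SPF_FAIL: sending host not authorised for the claimed sender domain")
    if msg.get("Return-Path", "").strip() == "<>":
        indicators.append("null envelope sender (Return-Path: <>) on a supposed notification")
    if msg.get("X-Mailer", "").strip().upper() == "PHP" or msg.get("X-PHP-Script"):
        indicators.append("generated by a PHP script (X-Mailer/X-PHP-Script), typical of a compromised web host")
    if msg.get("X-Priority", "").strip() == "1":
        indicators.append("X-Priority: 1 (artificial urgency)")
    return {"score": score, "required": required, "tests": tests, "indicators": indicators}
```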

Only four (4) of the twenty (20) virus scanners at Jotti recognised the attachment as a virus:

  • Bitdefender: Gen:Variant.Graftor.42564
  • ClamAV: PUA.Win32.Packer.MingwGcc-2
  • ESET: Win32/Injector.WMK
  • Gdata: Gen:Variant.Graftor.42564

Scan result

The result of Jotti's malware scan can be found here:

Apparently these e-mails have been circulating since 9 July 2012:

Always be careful when opening attachments!

About the Author J. Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 10 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
