“ADP Generated Message: Digital Certificate Expiration” malware via e-mail

I just received an e-mail with the subject ADP Generated Message: Digital Certificate Expiration and these accompanying headers:

Return-Path: <ADP_Netsecure@adp.com>
Delivered-To: x
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
	by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
	for <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
	HTML_MESSAGE=0.001, MY_DSL=0.85, RCVD_IN_BRBL_LASTEXT=1.449,
	RCVD_IN_PBL=3.335, RCVD_IN_SORBS=1, RCVD_IN_SORBS_WEB=0.77,
	SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [188.47.238.105])
	by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
	for <x>; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
	(envelope-from <ADP_FSA_Services@ADP.com>)
	id J9Z8K6-SEU8RG-TE
	for <x>; Fri, 14 Sep 2012 13:27:30 +0100
To: <x>
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for 188.47.238.105
From: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Sender: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------08020700707010609010103"
Message-Id: <SNAIE1-6S8A7W-9L@adp.com>
Date: Fri, 14 Sep 2012 13:27:30 +0100
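The headers above already tell the story before any scanner is involved. As an added example (not code from the original post), the script below pulls the indicators a mail admin would check out of them: it walks the Received chain bottom-up and stops at the first hop stamped by the recipient's own MX (the vevida.net hosts), which is the only hop that identifies the real connecting client, and treats every hop below it as sender-supplied; it then compares Return-Path with From, reads the SpamAssassin tests, and notes that X-PHP-Script names the same DSL address that connected. The trusted-MX suffix, the abridged copy of the headers embedded as sample input, and the wording of the indicators are assumptions of the example.

```python
import email
import re
from email.utils import parseaddr

# Headers of the message quoted in the post, abridged to the ones this check reads
# (the recipient address is redacted as "x" in the post too). Embedded so it runs offline.
RAW_HEADERS = """\
Return-Path: <ADP_Netsecure@adp.com>
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
\tby net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
\tfor <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
\tHTML_MESSAGE=0.001, MY_DSL=0.85, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_PBL=3.335,
\tRCVD_IN_SORBS=1, RCVD_IN_SORBS_WEB=0.77, SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [188.47.238.105])
\tby net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
\tfor <x>; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
\t(envelope-from <ADP_FSA_Services@ADP.com>)
\tfor <x>; Fri, 14 Sep 2012 13:27:30 +0100
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for 188.47.238.105
From: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>

"""

TRUSTED_SUFFIX = ".vevida.net"  # assumption: MX of the recipient mailbox, only its stamps are trusted
RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def unfold(value):
    """Collapse RFC 5322 header folding (newline + whitespace) into single spaces."""
    return re.sub(r"\s+", " ", value or "").strip()


def parse_received(value):
    """Split one Received header into HELO name, reverse DNS, IP and receiving host."""
    m = RECEIVED_RE.search(unfold(value))
    if not m:
        return None
    helo, comment, by = m.group(1), m.group(2) or "", m.group(3)
    ip = IP_RE.search(comment)
    rdns = comment.split()[0] if comment and not comment.startswith("[") else None
    return {"helo": helo, "rdns": rdns, "ip": ip.group(1) if ip else None, "by": by,
            "raw": unfold(value)}


def trace_origin(received, trusted_suffix=TRUSTED_SUFFIX):
    """Walk the chain bottom-up (oldest claim first). The first hop stamped by our own
    MX names the real connecting client; hops below it were written by the sender."""
    unverifiable = []
    for hop in map(parse_received, reversed(received)):
        if hop and hop["by"].lower().endswith(trusted_suffix):
            return hop, unverifiable
        unverifiable.append(hop)
    return None, unverifiable


def parse_spam_status(value):
    """Pull score, threshold and the fired SpamAssassin tests out of X-Spam-Status."""
    value = unfold(value)
    score = float(re.search(r"score=([\d.]+)", value).group(1))
    required = float(re.search(r"required=([\d.]+)", value).group(1))
    inside = re.search(r"tests=\[([^\]]*)\]", value)
    tests = dict(re.findall(r"([A-Z0-9_]+)=([\d.]+)", inside.group(1))) if inside else {}
    return {"score": score, "required": required, "tests": tests}


def analyze(raw):
    """Return the extracted facts plus a list of human-readable spoofing indicators."""
    msg = email.message_from_string(raw)
    origin, forged = trace_origin(msg.get_all("Received", []))
    o = origin or {}
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    spam = parse_spam_status(msg.get("X-Spam-Status", "score=0 required=5"))
    php_ip = re.search(r"for\s+([\d.]+)", unfold(msg.get("X-PHP-Script", "")))
    f = {"origin_ip": o.get("ip"), "origin_rdns": o.get("rdns"), "helo": o.get("helo"),
         "unverifiable_hops": [h["raw"] for h in forged if h],
         "return_path": return_path, "from": from_addr, "spam_score": spam["score"],
         "spf_fail": "SPF_FAIL" in spam["tests"],
         "php_script_ip": php_ip.group(1) if php_ip else None, "indicators": []}
    ind = f["indicators"]
    if return_path.lower() != from_addr.lower():
        ind.append("Return-Path does not match From")
    if f["origin_rdns"] and not f["origin_rdns"].lower().endswith("." + from_domain):
        ind.append("connecting host %s is not in sender domain %s" % (f["origin_rdns"], from_domain))
    if forged:
        ind.append("%d Received hop(s) below the perimeter MX cannot be verified" % len(forged))
    if f["spf_fail"]:
        ind.append("SPF_FAIL: connecting IP is not authorised to send for " + from_domain)
    if f["php_script_ip"] and f["php_script_ip"] == f["origin_ip"]:
        ind.append("X-PHP-Script names the connecting IP: sent by a PHP script on that host")
    if spam["score"] >= spam["required"]:
        ind.append("SpamAssassin score %.3f >= threshold %.0f" % (spam["score"], spam["required"]))
    return f
```

Run on these headers, `analyze(RAW_HEADERS)` reports 188.47.238.105 (public93801.xdsl.centertel.pl, HELO centertel.pl) as the connecting client, because that is the hop net3-nl-mx-27.vevida.net itself stamped; the "from apache by adp.com with local (Exim 4.67)" hop underneath it was written by the sender and cannot be checked, which is why a Postfix MX appears to receive a message directly from a DSL line that claims to have passed through an Exim installation at adp.com. The Return-Path (ADP_Netsecure@adp.com) and From (ADP_FSA_Services@ADP.com) disagree, SPF_FAIL fired, and X-PHP-Script names the same DSL address, so the mail was sent by a PHP script on that host rather than by ADP. The example keys the trust decision on the MX domain, which is what you should adjust when you point it at your own mail logs.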

Only four (4) of the twenty (20) virus scanners at Jotti recognized the attachment as a virus:

  • Bitdefender: Gen:Variant.Graftor.42564
  • ClamAV: PUA.Win32.Packer.MingwGcc-2
  • ESET: Win32/Injector.WMK
  • Gdata: Gen:Variant.Graftor.42564

Scan result

The result of Jotti's malware scan can be found here:
http://virusscan.jotti.org/nl/scanresult/d3e4bd19ecac8e193f9b73f2fe78ef9d034a55fd

Apparently these e-mails have been going around since 9 July 2012:
http://news.softpedia.com/news/ADP-Digital-Certificate-Expiration-Emails-Point-to-Malware-Hosted-on-Hijacked-Sites-280153.shtml

Always be careful when opening attachments!
