“ADP Generated Message: Digital Certificate Expiration” malware via e-mail

I just received an e-mail with the subject ADP Generated Message: Digital Certificate Expiration and these accompanying headers:

Return-Path: <ADP_Netsecure@adp.com>
Delivered-To: x
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
	by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
	for <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
	SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [])
	by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
	for <x>; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
	(envelope-from <ADP_FSA_Services@ADP.com>)
	id J9Z8K6-SEU8RG-TE
	for <x>; Fri, 14 Sep 2012 13:27:30 +0100
To: <x>
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for
From: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Sender: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
Message-Id: <SNAIE1-6S8A7W-9L@adp.com>
Date: Fri, 14 Sep 2012 13:27:30 +0100
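The headers above tell the whole story if you read the Received: chain from the top down: the only trustworthy hops are the ones written by your own MX, and the one that handed the message to net3-nl-mx-27.vevida.net came from centertel.pl, not from adp.com. The "Received: from apache by adp.com" line underneath it was supplied by the sender and is worth nothing, and SpamAssassin already noted SPF_FAIL. The following Python script is an added example, not part of the original post, that automates exactly this triage: it walks the Received: chain to the trusted boundary, compares the connecting host with the From: domain, checks the X-Spam-Status tests and flags the PHP mailer. The header block is a constructed copy of the headers shown above (body and Content-Type omitted), and the trusted domain vevida.net is an assumption.

```python
"""Walk the Received: chain of a suspicious message and flag sender spoofing."""
import email
import re

TRUSTED_DOMAIN = "vevida.net"  # assumed: the domain of our own receiving MX hosts

# Constructed copy of the headers from the post (body and Content-Type left out).
RAW_HEADERS = """Return-Path: <ADP_Netsecure@adp.com>
Delivered-To: x
Received: from net3-nl-mx-27.vevida.net (net3-nl-mx-27.vevida.net [IPv6:2a00:f60::1:37])
    by net3-nl-mail-05.vevida.net (Postfix) with ESMTP id 6838F294259C
    for <x>; Fri, 14 Sep 2012 14:28:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: Yes, score=9.518 required=5 tests=[BAYES_80=2,
    SPF_FAIL=0.001, SPF_HELO_NEUTRAL=0.112] autolearn=no
Received: from centertel.pl (public93801.xdsl.centertel.pl [])
    by net3-nl-mx-27.vevida.net (Postfix) with ESMTP id A6D347F88073
    for <x>; Fri, 14 Sep 2012 14:27:31 +0200 (CEST)
Received: from apache by adp.com with local (Exim 4.67)
    (envelope-from <ADP_FSA_Services@ADP.com>)
    id J9Z8K6-SEU8RG-TE
    for <x>; Fri, 14 Sep 2012 13:27:30 +0100
To: <x>
Subject: ADP Generated Message: Digital Certificate Expiration
X-PHP-Script: adp.com/sendmail.php for
From: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Sender: "ADP_FSA_Services@ADP.com" <ADP_FSA_Services@ADP.com>
X-Mailer: PHP
X-Priority: 1
MIME-Version: 1.0
Message-Id: <SNAIE1-6S8A7W-9L@adp.com>
Date: Fri, 14 Sep 2012 13:27:30 +0100

"""


def _domain(value):
    """Lower-cased domain part of the first address in a header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value)
    return m.group(1).lower() if m else ""


def _in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = host.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def parse_received(value):
    """Return (from_host, by_host) from a possibly folded Received: header."""
    value = re.sub(r"\s+", " ", value)
    frm = re.search(r"\bfrom\s+(\S+)", value)
    by = re.search(r"\bby\s+(\S+)", value)
    return (frm.group(1) if frm else "", by.group(1) if by else "")


def analyze(raw):
    """Triage the headers of one message; returns the facts found and a list of findings."""
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]  # newest first
    findings = []

    # The trusted boundary is the first hop written by one of our hosts whose
    # 'from' host is not ours: its 'from' is the real connecting host. Every hop
    # below it was supplied by the sender and can say anything it likes.
    boundary = None
    for i, (frm, by) in enumerate(hops):
        if _in_domain(by, TRUSTED_DOMAIN) and not _in_domain(frm, TRUSTED_DOMAIN):
            boundary = i
            break
    connecting_host = hops[boundary][0].lower() if boundary is not None else ""
    untrusted_hops = hops[boundary + 1:] if boundary is not None else hops

    from_domain = _domain(msg.get("From", ""))
    if connecting_host and from_domain and not _in_domain(connecting_host, from_domain):
        findings.append(f"From: claims {from_domain} but the message was handed to us by {connecting_host}")

    for frm, by in untrusted_hops:
        if _in_domain(by, from_domain):
            findings.append(f"sender-supplied hop claims 'by {by}' below the trusted boundary (forged)")

    # SpamAssassin lists the rules that fired as NAME=score inside tests=[...].
    spam = re.sub(r"\s+", " ", msg.get("X-Spam-Status", ""))
    tests = re.findall(r"([A-Z0-9_]+)=[-0-9.]+", spam)
    if "SPF_FAIL" in tests:
        findings.append("SPF check failed for the envelope sender")

    if msg.get("X-Mailer", "").strip().upper() == "PHP" or msg.get("X-PHP-Script"):
        findings.append("sent by a PHP script (X-Mailer/X-PHP-Script), typical of a compromised web host")

    return {
        "connecting_host": connecting_host,
        "from_domain": from_domain,
        "untrusted_hops": untrusted_hops,
        "spam_tests": tests,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in analyze(RAW_HEADERS)["findings"]:
        print("-", line)
```

Run against the headers above it reports four findings: the From: domain does not match the connecting host, the "by adp.com" hop is forged, SPF failed, and the message was sent by a PHP script. Set TRUSTED_DOMAIN to the domain of your own MX hosts before using it on your own mail; without that the script cannot tell which Received: lines it may believe.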

Only four (4) of the twenty (20) virus scanners at Jotti recognised the attachment as a virus:

  • Bitdefender: Gen:Variant.Graftor.42564
  • ClamAV: PUA.Win32.Packer.MingwGcc-2
  • ESET: Win32/Injector.WMK
  • G Data: Gen:Variant.Graftor.42564

Note that these are fewer independent detections than they look: the ClamAV hit is a generic packer heuristic (a MinGW/GCC-built executable flagged as a potentially unwanted application) rather than a signature for this sample, and the identical detection name from Bitdefender and G Data shows they share an engine.

Scan result

You can find the result of Jotti's malware scan here:

Apparently these e-mails have been circulating since 9 July 2012:

Always be careful when opening attachments!

Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 10 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.