
Thursday, 25 October 2012

ADP Spam / openpolygons.net

This fake ADP spam leads to malware on openpolygons.net:

From: warning@adp.com [mailto:warning@adp.com]
Sent: Thu 25/10/2012 16:42
Subject: ADP Instant Message

ADP Pressing Communication

Reference No.: 27711

Respected ADP Client October, 25 2012

Your Transaction Report(s) have been uploaded to the web site:

Click Here to access

Please overview the following information:

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.

This email was sent to existing users in your company that access ADP Netsecure.

As general, thank you for using ADP as your business affiliate!

Ref: 27711 

The malicious payload is at [donotclick]openpolygons.net/detects/lorrys_implication.php hosted on (Skand Meteorologi och Miljoinstr AB, Sweden) which is an IP address that has been seen before.

That IP also hosts the fake AV application win8ss.com and another malware site, legacywins.com.

Plain list for copy-and-pasting:


svirfnebli said...

Other variants include

ADP Pressing Communication
ADP Urgent Message
ADP Immediate Warning

svirfnebli said...

further variants

ADP Instant Note
ADP Immediate Communication

Unknown said...

further variants

Subject: adp_subj
From: ADPClientServices@adp.com (ADPClientServices@adp.com)

Catch Line: ADP Instant Communication
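
A mail-triage check for this campaign, as an added example that is not part of the original post or its comments: it flags a message on the subject pattern collected above, on links to the three domains the post names, and on an adp.com sender whose links leave adp.com. The function names and the sample message's link host (redirector.example) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject vocabulary seen in the post and its comments: "ADP <urgency> <noun>".
SUBJECT_RE = re.compile(
    r"^\s*ADP\s+(Pressing|Urgent|Immediate|Instant)\s+"
    r"(Communication|Message|Warning|Note)\s*$", re.IGNORECASE)
# Domains named in the post (payload host and its neighbours on the same IP).
LISTED = {"openpolygons.net", "win8ss.com", "legacywins.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate all text/* parts, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_string(raw)
    reasons = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        reasons.append("subject-pattern")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body_text(msg))}
    if any(under(h, d) for h in hosts for d in LISTED):
        reasons.append("listed-domain")
    # The From address is trivially forged; links leaving adp.com are the tell.
    if under(sender_domain, "adp.com") and any(h and not under(h, "adp.com") for h in hosts):
        reasons.append("adp-sender-offsite-link")
    return reasons

# Constructed sample: headers as in the post, link host is a placeholder.
SAMPLE = (
    "From: warning@adp.com\n"
    "Subject: ADP Instant Message\n"
    "Content-Type: text/html\n\n"
    '<a href="http://redirector.example/report.html">Click Here to access</a>\n'
)
```

Calling `triage(SAMPLE)` returns the matched reasons as a list; an empty list means none of the three checks fired.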