Sponsored by..

Wednesday 15 May 2013

ADP spam / outlookexpres.net

This fake ADP spam leads to malware on outlookexpres.net:


Date:      Wed, 15 May 2013 22:39:26 +0400
From:      "donotreply@adp.com" [phrasingr6@news.adpmail.org]
Subject:      adp_subj


ADP Instant Warning

Report #: 55233

Respected ADP Client May, 15 2013

Your Processed Transaction Report(s) have been uploaded to the website:

Sign In here

Please see the following information:

• Please note that your bank account will be charged within 1 business banking day for the sum shown on the Statement(s).

• Please don't try to reply to this message. automative notification system not configured to accept incoming email. Please Contact your ADP Benefits Expert.

This email was sent to existing users in your company that access ADP Netsecure.

As every time, thank you for using ADP as your business affiliate!

Rep: 55233 [redacted]

The link in the spam email goes through a legitimate but hacked site and ends up on a malware landing page at [donotclick]outlookexpres.net/news/estimate_promising.php (report here) hosted on the same IPs found in this attack:
36.224.16.74 (Chunghwa Telecom, Taiwan)
108.5.125.134 (Verizon, US)
198.61.147.58 (Matt Martin Real Estate Management / Rackspace, US)

Blocklist:
36.224.16.74
108.5.125.134
198.61.147.58
contonskovkiys.ru
curilkofskie.ru
exrexycheck.ru
fenvid.com
gangrenablin.ru
gatareykahera.ru
janefgort.net
klosotro9.net
mortolkr4.com
nopfrog.pw
otophone.net
outlookexpres.net
peertag.com
pinformer.net
priorityclub.pl
smartsecurity-app.com
twintrade.net
zonebar.net

No comments: