Sponsored by..

Tuesday, 25 June 2013

ADP spam / spanishafair.com

This fake ADP spam leads to malware on spanishafair.com:

Date:      Tue, 25 Jun 2013 14:38:05 +0000 [10:38:05 EDT]
From:      Run Do Not Reply [RunDoNotReply@ipn.adp.net]
Subject:      Your Biweekly payroll is  accepted

Yoyr payroll for check date 06/25/2013 is approved. Your payroll would be done at least 3 days before to your check date to ensure timely tax deposits and payroll delivery. If you offer direct deposit to your employees, this will also support pay down their money by the due date.

Client ID: [redacted]

View Details: Review

Important: Please be advised that calls to and from your payroll service team may be monitored or recorded.

Please do not reply to this message. auto informer system not configured to accept incoming messages.

The malicious payload is at [donotclick]spanishafair.com/news/possibility-redundant.php hosted on: (China Telecom, China) (Wuhan Urban Construction Institute, China) (MYREN Cloud Infrastructrure, Malaysia)

Related evil domains and IP addresses to block can be found here and here.

No comments: