Date: Tue, 25 Jun 2013 14:38:05 +0000 [10:38:05 EDT]
From: Run Do Not Reply [RunDoNotReply@ipn.adp.net]
Subject: Your Biweekly payroll is accepted
Yoyr payroll for check date 06/25/2013 is approved. Your payroll would be done at least 3 days before to your check date to ensure timely tax deposits and payroll delivery. If you offer direct deposit to your employees, this will also support pay down their money by the due date.
Client ID: [redacted]
View Details: Review
Important: Please be advised that calls to and from your payroll service team may be monitored or recorded.
Please do not reply to this message. auto informer system not configured to accept incoming messages.
The malicious payload is at [donotclick]spanishafair.com/news/possibility-redundant.php hosted on:
119.147.137.31 (China Telecom, China)
210.42.103.141 (Wuhan Urban Construction Institute, China)
203.80.17.155 (MYREN Cloud Infrastructrure, Malaysia)
Related evil domains and IP addresses to block can be found here and here.
No comments:
Post a Comment