Date: Wed, 16 Jan 2013 18:36:25 +0200 [11:36:25 EST]The malicious payload is on [donotclick]teamrobotmusic.net/detects/bits_remember_confident.php hosted on 126.96.36.199 (Hanaro Telecom, Korea). This IP has been used in a few attacks recently and should be blocked if you can. The following domains appear to be active on this IP:
From: "email@example.com" [firstname.lastname@example.org]
Subject: ADP Speedy Information
ADP Speedy Communication
Reference ID: 14580
Dear ADP Client January, 16 2012
Your Money Transfer Statement(s) have been uploaded to the web site:
Please see the following details:
• Please note that your bank account will be charged-off within 1 business day for the value(s) specified on the Record(s).
•Please don't reply to this message. auomatic informational system unable to accept incoming email. Please Contact your ADP Benefits Expert.
This email was sent to acting users in your company that access ADP Netsecure.
As usual, thank you for choosing ADP as your business affiliate!