
Friday, 28 September 2012

ADP spam / 108.178.59.6

This fake ADP spam leads to malware on 108.178.59.6:

Date:      Fri, 28 Sep 2012 13:22:13 +0300
From:      "ADP Notification" [D7443309@phoenixpv.de]
Subject:      Your Transaction Report(s)

Your Transaction Report(s) have been uploaded to the web site:

https://www.flexdirect.adp.com/client/login.aspx

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.

Thank You,
ADP Benefit Services


The malicious payload is at [donotclick]108.178.59.6/links/marked-alter.php (Singlehop, US) which looks like a Blackhole 2 exploit kit or similar.

The malware is hosted on this evil network; blocking 108.178.59.0/26 would be wise.
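To check whether anyone already reached that range before the block went in, proxy logs can be searched for destinations inside 108.178.59.0/26 (addresses .0 to .63). This is an added example, not part of the original post; the log layout (timestamp, client, method, target) and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Network the post recommends blocking: 108.178.59.0 through 108.178.59.63.
BLOCKED_NET = ipaddress.ip_network("108.178.59.0/26")

# Constructed proxy log lines (assumed format), not real traffic.
SAMPLE_LOG = """\
2012-09-28T10:31:02Z 10.0.0.21 GET http://108.178.59.6/links/marked-alter.php
2012-09-28T10:31:09Z 10.0.0.21 GET http://108.178.59.63/
2012-09-28T10:32:40Z 10.0.0.35 GET http://108.178.59.64/index.html
2012-09-28T10:33:11Z 10.0.0.35 GET https://www.flexdirect.adp.com/client/login.aspx
2012-09-28T10:34:00Z 10.0.0.40 CONNECT 108.178.59.6:443
"""


def dest_ip(target):
    """Return the request destination as an IP object, or None for hostnames."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a CONNECT-style host:port
    host = urlsplit(target).hostname
    if host is None:
        return None
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name, not a literal IP


def hits(log_text, net=BLOCKED_NET):
    """Return (client, target) pairs whose destination IP falls inside net."""
    found = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        client, target = fields[1], fields[3]
        ip = dest_ip(target)
        if ip is not None and ip in net:
            found.append((client, target))
    return found


if __name__ == "__main__":
    for client, target in hits(SAMPLE_LOG):
        print(f"{client} contacted blocked range: {target}")
```

Note that 108.178.59.64 is outside the /26 and is not flagged, and requests made by hostname need a DNS-log lookup to be matched against the range.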
