Date: Thu, 20 Sep 2012 14:25:24 +0300
From: "ADPClientServices" [ABD331056@losblancoba.com.ar]
Subject: ADP Urgent Notification - Debit Draft
Your Transaction Report(s) have been uploaded to the web site:
https://www.flexdirect.adp.com/client/login.aspx
Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).
Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.
Thank You,
ADP Benefit Services
The malicious payload is at [donotclick]69.194.192.203/links/deep_recover-result.php (probably Blackhole 2.0) hosted by Solar VPS in the US. This IP has been used for malware before recently, blocking it would be prudent.
No comments:
Post a Comment