From: warning@adp.com [mailto:warning@adp.com]
Sent: Thu 25/10/2012 16:42
Subject: ADP Instant Message
ADP Pressing Communication
Reference No.: 27711
Respected ADP Client October, 25 2012
Your Transaction Report(s) have been uploaded to the web site:
Click Here to access
Please overview the following information:
Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).
Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.
This email was sent to existing users in your company that access ADP Netsecure.
As general, thank you for using ADP as your business affiliate!
Ref: 27711
The malicious payload is at [donotclick]openpolygons.net/detects/lorrys_implication.php, hosted on 195.198.124.60 (Skand Meteorologi och Miljoinstr AB, Sweden), an IP address that has been seen before.
That IP also hosts the fake AV application win8ss.com and another malware site, legacywins.com.
Plain list for copy-and-pasting:
195.198.124.60
openpolygons.net
win8ss.com
legacywins.com
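As an added example (not part of the original post), this Python sketch checks the links in a message body against the indicators listed above, matching subdomains and ignoring case and trailing dots. The sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAINS = {"openpolygons.net", "win8ss.com", "legacywins.com"}
BAD_IPS = {"195.198.124.60"}

# Constructed sample message (not the real spam): ADP branding, link goes elsewhere.
SAMPLE = """\
From: warning@adp.com
Subject: ADP Instant Message
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>Your Transaction Report(s) have been uploaded:
<a href="http://www.OpenPolygons.net./detects/example.php">Click Here to access</a>
<a href="https://www.adp.com/">ADP</a></body></html>
"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)

def hosts_in(raw):
    """Return the normalised hostname of every http(s) URL in the text parts."""
    hosts = set()
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlsplit(url).hostname  # already lower-cased by urlsplit
            if host:
                hosts.add(host.rstrip("."))
    return hosts

def is_listed(host):
    """True for a listed IP, a listed domain, or a subdomain of a listed domain."""
    if host in BAD_IPS:
        return True
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def flag(raw):
    """Sorted list of listed hosts that the message links to."""
    return sorted(h for h in hosts_in(raw) if is_listed(h))

if __name__ == "__main__":
    print(flag(SAMPLE))
```

The suffix match requires a leading dot, so an unrelated name that merely ends in a listed domain's characters is not flagged.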
3 comments:
Other variants include
ADP Pressing Communication
ADP Urgent Message
ADP Immediate Warning
further variants
ADP Instant Note
ADP Immediate Communication
further variants
Subject: adp_subj
From: ADPClientServices@adp.com (ADPClientServices@adp.com)
Catch Line: ADP Instant Communication