
Tuesday 17 September 2013

ADP spam / ADP_831290760091.zip

This fake ADP spam has a malicious attachment:

Date:      Tue, 17 Sep 2013 20:32:04 +0530 [11:02:04 EDT]
From:      ADP ClientServices
Subject:      ADP - Reference #831290760091
Priority:      High Priority 1 (High)

We were unable to process your recent transaction. Please verify your details and try again.
If the problem persists, contact us to complete your order.

Transaction details are shown in the attached file.

Reference #831290760091

This e-mail has been sent from an automated system.
PLEASE DO NOT REPLY.

The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.

Attached to the email is a file called ADP_831290760091.zip, which in turn contains ADP_Reference_09172013.exe. The executable has a VirusTotal detection rate of 9/48.

Automated analysis [1] [2] [3] shows a connection attempt to awcoomer.com on 78.157.201.219 (UK Dedicated Servers Ltd, UK). I don't have any evidence of further infections on this server; it does host 30+ legitimate UK sites, if that helps.
