Date: Wed, 16 Jan 2013 18:36:25 +0200 [11:36:25 EST]
From: "notify@adp.com" [notify@adp.com]
Subject: ADP Speedy Information
ADP Speedy Communication
[redacted]
Reference ID: 14580
Dear ADP Client January, 16 2012
Your Money Transfer Statement(s) have been uploaded to the web site:
https://www.flexdirect.adp.com/client/login.aspx
Please see the following details:
• Please note that your bank account will be charged-off within 1 business day for the value(s) specified on the Record(s).
• Please don't reply to this message. auomatic informational system unable to accept incoming email. Please Contact your ADP Benefits Expert.
This email was sent to acting users in your company that access ADP Netsecure.
As usual, thank you for choosing ADP as your business affiliate!
Ref: 14580

The malicious payload is on [donotclick]teamrobotmusic.net/detects/bits_remember_confident.php hosted on 222.238.109.66 (Hanaro Telecom, Korea). This IP has been used in a few attacks recently and should be blocked if you can. The following domains appear to be active on this IP:
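
The recommendation to block the IP, not just the one payload domain, can be checked against existing proxy logs. The sketch below is an added example, not part of the original post: it flags requests by destination IP as well as by hostname, so a domain on 222.238.109.66 that is not on any list is still caught. The log format, client addresses and the `unlisted-sibling.example` host are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post; the URL is written defanged there.
BAD_IP = ipaddress.ip_address("222.238.109.66")
PAYLOAD_URL = "[donotclick]teamrobotmusic.net/detects/bits_remember_confident.php"

def refang_host(indicator):
    """Strip the post's [donotclick] marker and return the lowercase hostname."""
    return urlsplit("http://" + indicator.replace("[donotclick]", "")).hostname

BAD_HOST = refang_host(PAYLOAD_URL)

# Constructed sample log. Assumed (hypothetical) proxy format:
# timestamp client_ip dest_ip method url
SAMPLE_LOG = """\
2013-01-16T16:41:02Z 10.0.4.17 222.238.109.66 GET http://teamrobotmusic.net/detects/bits_remember_confident.php
2013-01-16T16:41:09Z 10.0.4.22 222.238.109.66 GET http://unlisted-sibling.example/detects/other.php
2013-01-16T16:42:30Z 10.0.4.17 192.0.2.10 GET http://intranet.example/payroll
2013-01-16T16:43:11Z 10.0.4.30 not-an-ip GET http://TeamRobotMusic.net/
"""

def sweep(log_text):
    """Return (client_ip, reason, url) for each line touching the indicators."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, client, dest, _, url = fields
        host = urlsplit(url).hostname or ""  # hostname is already lowercased
        try:
            ip_match = ipaddress.ip_address(dest) == BAD_IP
        except ValueError:
            ip_match = False  # proxy logged no resolved address
        if ip_match:
            # The IP match alone catches domains that are on no blocklist.
            reason = "dest-ip+host" if host == BAD_HOST else "dest-ip"
        elif host == BAD_HOST or host.endswith("." + BAD_HOST):
            reason = "host"
        else:
            continue
        hits.append((client, reason, url))
    return hits

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(*hit)
```

Clients reported with reason `dest-ip` reached the server through a name that a domain-only blocklist would have missed.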