Invoice #5117459 - Remit file - Virus


Fake ADP email claims that an invoice received from your bank is attached.

The attached zip contains an exe that is a virus or trojan horse.

Mixed spoofing of HSBC.co.UK, ADP.com, and NACHA.org.


Subject: Invoice #5117459 - Remit file

Attached is the invoice (ADP_Invoice_5117459.zip) 
received from your bank.
Please print this label and fill in the requested information.
Once you have filled out
all the information on the form please send it to
payroll.invoices @adp.com.

For more details please see the attached file.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you ,

Automatic Data Processing, Inc.
1 ADP Boulevard
Roseland
NJ 07068

Automatic Data Processing, Inc. (ADP) . All rights reserved.
*******************************************************************
This e-mail is confidential. It may also be legally privileged.
If you are not the addressee you may not copy, forward, disclose
or use any part of it. If you have received this message in error,
please delete it and all copies from your system and notify the
sender immediately by return e-mail.

Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability
for any errors or omissions.
*******************************************************************

ADP_Invoice_5117459.zip (135)

Header samples:

Mixed spoofing of HSBC.co.UK, ADP.com, and NACHA.org.

Received: from 72-18-239-4.static-ip.telepacific.net [72.18.239.4]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from hsbc.co.uk ([12.6.2.138]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from 23-24-33-41-static.hfc.comcastbusiness.net [23.24.33.41]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from static-58-108-212-14.optusnet.com.au [58.108.212.14]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from 130.128/28.123.218.12.in-addr.arpa ([12.218.123.130]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from mail.bowers-rodgers.org [24.213.112.105]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from 139-136-167-83.reverse.alphalink.fr [83.167.136.139]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from nacha.org ([94.245.168.118])
X-Envelope-From: support @nacha.org
From: "ADP - Payroll Services" <payroll.invoices @adp.com>

Received: from 41-66-226-dedicated.4u.com.gh [41.66.226.22]
X-Envelope-From: no-reply @nacha.org
From: payroll.invoices @adp.com

Received: from nacha.org ([76.7.78.134])
X-Envelope-From: support @nacha.org
From: "ADP - Payroll Services" <payroll.invoices @adp.com>
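The mismatch visible in these samples (envelope sender at hsbc.co.uk or nacha.org, visible From at adp.com) can be checked mechanically. The following is an added example, not part of the original page: the function names and the relaxed subdomain alignment rule are assumptions, and the third header group is a constructed control.

```python
import re

# Constructed input: the first two groups are copied from the header samples
# above (keeping the page's "user @domain" spacing); the third is a made-up
# aligned control using a documentation IP address.
SAMPLES = """\
Received: from 72-18-239-4.static-ip.telepacific.net [72.18.239.4]
X-Envelope-From: service @hsbc.co.uk
From: payroll.invoices @adp.com

Received: from nacha.org ([94.245.168.118])
X-Envelope-From: support @nacha.org
From: "ADP - Payroll Services" <payroll.invoices @adp.com>

Received: from mail.adp.com [192.0.2.10]
X-Envelope-From: bounce @mail.adp.com
From: payroll.invoices @adp.com
"""

ADDR = re.compile(r"[\w.+-]+\s*@\s*([\w-]+(?:\.[\w-]+)+)")
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def addr_domain(value):
    """Domain of the first address in a header value, or None."""
    m = ADDR.search(value)
    return m.group(1).lower() if m else None

def aligned(a, b):
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def parse_groups(text):
    """Split blank-line-separated header groups into lowercase-keyed dicts."""
    groups = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        groups.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return groups

def triage(text):
    """Return (relay_ip, envelope_domain, from_domain, verdict) per group."""
    rows = []
    for h in parse_groups(text):
        ip = RELAY_IP.search(h.get("received", ""))
        env = addr_domain(h.get("x-envelope-from", ""))
        frm = addr_domain(h.get("from", ""))
        verdict = "unparseable" if not (env and frm) else (
            "aligned" if aligned(env, frm) else "mismatch")
        rows.append((ip.group(1) if ip else None, env, frm, verdict))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```

On mail systems that do not add X-Envelope-From, the envelope sender is usually recorded in Return-Path instead.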

Attachment Examples:

ADP_Invoice_5117459.zip containing ADP_Invoice_05222013.exe with MD5 of a8aab9bcd389348823b77b090fb0afcc

https://www.virustotal.com/en/file/4a1fdc68e902487a6d8fefacf62480380edad6a46901d741703ea10a40d49e40/analysis/1369233521/

Fortinet W32/Kryptik.AGAJ!tr
Malwarebytes Malware.Packer.RRE
Rising Backdoor.Agent!5459
McAfee BackDoor-FJW!A8AAB9BCD389

 
