Fake ADP Notification E-mail Distributes Malware

MX Lab a security company based in Belgium has detected one fresh e-mail campaign that distributes Trojan under the heading "ADP TotalSource Automated Payroll Invoice Notification."

It maybe noted that an American entity, ADP (Automated Data Processing) Inc., supplies business outsourcing methods.

Displaying a spoofed sender's id namely totalsourceautomation@adp.com, the e-mail tells the recipient that a given PDF attachment contains one replica of his Payroll Invoice by ADP TotalSource, related to a given payroll that he can now see online. The details: Year-2013; Week-8th; and Payroll No.-01. The e-mail requests the user to open the attachment and examine the given payroll.

Amazingly, the malicious e-mail tries to appear genuine and lawful, so it tells that the e-mail notification has been automatically generated that shouldn't be replied directly. However, in case of queries about the invoice alternatively the user has lost his MyTotalSource login particulars he may talk to his Payroll Service Official, it states.

Moreover, the zipped file in the attachment is named ADP-TotalSource-Payroll-Invoice-B34519A60357 while it carries one huge file detected as ADP TotalSource Payroll Invoice ID-EF2342AC2357-AA-433**NUMBERS***56.pdf.exe.

And though the PDF file looks innocuous, actually it is one Trojan, which merely 12 anti-virus software have been able to identify, MX Lab outlines.

Names assigned to the Trojan are varied. These are - RDN/PWS-Zbot.ate!a, TR/Rogue.KD.884788.1, Trojan.Generic.KD.884788, Mal/Generic-S, TROJ_GEN.F47V0304, and Heuristic.BehavesLike.Win32.ModifiedUPX.C.

Typically, the perpetrators of the e-mail think their message will make recipients panicky enough to hastily open the PDF attachment as they may wrongly perceive of money being withdrawn out of their savings A/C.

Disturbingly, many times in the past, malware scams have targeted ADP. Recently, one version asserted that end-users needed following one web-link for refreshing personal Digital Certificate from ADP. Still one more edition asserted that end-users required following one web-link for details regarding so-called Security Management Update from ADP.

MX Lab suggests Internauts to exercise caution with any e-mail, which asserts it's from ADP while asks them for viewing an attachment else following certain web-link for updating or examining details. At best such an electronic mail must be deleted without following its web-links or viewing any attachments, the company indicates.

Related article: Fake-mails Troubling Credit Union Customers

» SPAMfighter News - 3/11/2013