These past few days, our researchers in the AV Labs have been seeing a slew of spam campaigns purporting to have originated from the Automatic Data Processing, Inc., or ADP, a solutions provider to businesses with concerns involving outsourcing and computing services for the auto and heavy equipment industries.
The campaigns, which had been documented in real time, come in a number of varying content and appearance; however, these spam all lead to malware infection. Below are some of the samples we have captured:
click to enlarge
click to enlarge
click to enlarge
Hyperlinks in the spam actually point to URLs that are inherently malicious or probably compromised, which then direct to IP addresses that host a bogus Adobe Flash Player page where users can download an equally bogus software.
click to enlarge
Similar to the Skype voicemail spam we have documented recently, these ADP spam campaigns are also associated with Blackhole–Zeus infections.
When downloading software, make sure that your source domain/page is legitimate. In this case, it is much safer to type in Adobe’s URL on your browser address bar, navigate to the Downloads page, and get the Player from there.
For the latest email threats in the wild, go to our GFI Software Tumblr page at www.gfisoftware.tumblr.com where we post noteworthy, comprehensive, and up-to-date analyses straight from our experts in the AV Labs.
Jovi Umawing (Thanks to the GFI Labs team)
Leave a reply
