Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an invoice from ADP Payroll for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the recipient's system with malicious code.
E-mail messages that are related to this threat (RuleID5843) may contain the following files:
ADP_inv_#01763366154_04_19_2013.zip
ADP_inv_#0{DIGIT[10]}_04_19_2013.exe
The ADP_inv_#0{DIGIT[10]}_04_19_2013.exe file in the ADP_inv_#01763366154_04_19_2013.zip attachment has a file size of 123,392 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x82336525546E7030E827902514D3463C
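The indicators above, applied to a mail attachment, as an added example that is not part of the Cisco alert. It reads `{DIGIT[10]}` as ten decimal digits, which matches the sample .zip name. The function names, the 10 MB read cap and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Indicators taken from the alert text above.
EXE_NAME = re.compile(r"ADP_inv_#0\d{10}_04_19_2013\.exe", re.IGNORECASE)
ZIP_NAME = re.compile(r"ADP_inv_#0\d{10}_04_19_2013\.zip", re.IGNORECASE)
EXE_SIZE = 123_392
EXE_MD5 = "82336525546e7030e827902514d3463c"
MAX_READ = 10 * 1024 * 1024  # assumption: cap per-member reads to resist zip bombs


def inspect_attachment(filename, data):
    """Return the list of indicator hits for one e-mail attachment."""
    hits = []
    if ZIP_NAME.fullmatch(filename):
        hits.append("zip-name")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable zip; only the name could be checked
    with archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            if EXE_NAME.fullmatch(base):
                hits.append("exe-name")
            if info.flag_bits & 0x1:
                continue  # encrypted member: content cannot be hashed
            with archive.open(info) as member:
                body = member.read(MAX_READ + 1)
            # The hash check still fires if the member was renamed.
            if len(body) == EXE_SIZE and hashlib.md5(body).hexdigest() == EXE_MD5:
                hits.append("exe-md5")
    return hits


def build_sample_zip(member_name, payload):
    """Constructed, harmless test archive (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("ADP_inv_#01763366154_04_19_2013.exe", b"\x00" * EXE_SIZE)
    # Placeholder payload: the name indicators hit, the MD5 does not.
    print(inspect_attachment("ADP_inv_#01763366154_04_19_2013.zip", sample))
```

The name patterns catch variants with different digits in the invoice number, while the size and MD5 check identifies this exact executable regardless of its file name.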
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: ADP Payroll Invoice for week ending 04/19/2013
Message Body:
Your ADP Payroll invoice for last week is attached for your review. If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended mailbox.
Source: Cisco Systems