Channel: BOT24

Threat Outbreak Alert: Fake ADP Anti-Fraud Secure Update Notification E-mail Messages


Description

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an anti-fraud secure update from ADP for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

E-mail messages that are related to this threat (RuleID5077) may contain the following files:

2013 Anti-Fraud Secure Update.zip
2013 Anti-Fraud Secure Update.exe

The 2013 Anti-Fraud Secure Update.exe file in the 2013 Anti-Fraud Secure Update.zip attachment has a file size of 112,128 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x9B47F86F63A67FEDB75767DF660703AF
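
The following triage check is an added example, not part of the Cisco alert: it compares a .zip attachment held in memory against the file names, size and MD5 listed above without extracting anything to disk. The function names, verdict labels and the 10 MB read cap are assumptions made for illustration, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# Indicators taken from the alert text (MD5 written without the 0x prefix).
IOC_ZIP_NAME = "2013 Anti-Fraud Secure Update.zip"
IOC_EXE_NAME = "2013 Anti-Fraud Secure Update.exe"
IOC_EXE_SIZE = 112128
IOC_EXE_MD5 = "9b47f86f63a67fedb75767df660703af"
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed read cap per member (zip-bomb guard)

def triage_attachment(filename, data):
    """Return (name, verdict) findings for one attachment held in memory."""
    findings = []
    if filename.lower() == IOC_ZIP_NAME.lower():
        findings.append((filename, "attachment-name-match"))
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [(filename, "not-a-valid-zip")]
    with archive:
        for info in archive.infolist():
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if info.is_dir() or not base.endswith(".exe"):
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                # Encrypted or oversized: cannot hash safely, still worth flagging.
                findings.append((info.filename, "exe-unhashed"))
                continue
            with archive.open(info) as member:  # read in memory, nothing is extracted
                body = member.read(MAX_MEMBER_BYTES)
            if hashlib.md5(body).hexdigest() == IOC_EXE_MD5:
                verdict = "md5-match"
            elif base == IOC_EXE_NAME.lower() or len(body) == IOC_EXE_SIZE:
                verdict = "name-or-size-match"
            else:
                verdict = "exe-in-zip"
            findings.append((info.filename, verdict))
    return findings

def build_constructed_sample():
    """Constructed, harmless zip: zero-filled member with the alert's name and size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(IOC_EXE_NAME, b"\x00" * IOC_EXE_SIZE)
        z.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for name, verdict in triage_attachment(IOC_ZIP_NAME, build_constructed_sample()):
        print(f"{verdict}: {name}")
```

A name or size match without the MD5 match still merits review, since repacked variants of the same campaign would carry a different hash.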

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: 2013 Anti-Fraud Secure Update

Message Body:

ALERT!
2013 Anti-Fraud Secure Update
Dear Valued ADP Client,
We are pleased to announce that ADP Payroll System released secure upgrades to your computer.
A new version of secure update is available.
Our development division strongly recommends you to download this software update.
It contains new features:
The certificate will be attached to the computer of the account holder, which disables any fraud activity
Any irregular activity on your account is detected by our safety centre
Download the attachment. Update will be automatically installed by double click.
We value our partnership with you and take pride in the confidence that you place in us to process payroll
on your behalf. As always, your ADP Service Team is happy to assist with any questions you may have.
[This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.]

Source: Cisco
