Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an invoice from ADP Payroll for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the recipient's system with malicious code.
E-mail messages that are related to this threat (RuleID5334) may contain the following files:
0{DIGIT[9]}_02152013.exe
0196202897_02152013.zip
The 0{DIGIT[9]}_02152013.exe file in the 0196202897_02152013.zip attachment has a file size of 124,416 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC4BE749E17B3CEDF705E0C9400E722E3
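The indicators above can be checked against a .zip attachment before it reaches a user. The following is an added example, not Cisco's detection logic: the function names, the reason labels, the 16 MB hashing cap and the reading of 0{DIGIT[9]} as a literal 0 followed by nine digits are assumptions, and the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import re
import zipfile

# Indicators copied from the alert; the regex is an assumed reading of
# "0{DIGIT[9]}" as a literal 0 followed by nine digits.
EXE_NAME = re.compile(r"0\d{9}_02152013\.exe", re.IGNORECASE)
ALERT_MD5 = "c4be749e17b3cedf705e0c9400e722e3"
ALERT_SIZE = 124416
MAX_MEMBER = 16 * 1024 * 1024  # assumed cap; larger members are not hashed

def inspect_zip(zip_bytes, known_md5=ALERT_MD5, known_size=ALERT_SIZE):
    """Return {member name: [reasons]} for suspicious members of a .zip."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"<archive>": ["unreadable-zip"]}
    findings = {}
    with archive:
        for info in archive.infolist():
            # Compare on the base name so nested folders do not hide a match.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            reasons = []
            if EXE_NAME.fullmatch(base):
                reasons.append("name-pattern")
            elif base.lower().endswith(".exe"):
                reasons.append("exe-in-zip")
            if info.flag_bits & 0x1:
                reasons.append("encrypted")  # cannot be hashed without a password
            elif info.file_size <= MAX_MEMBER:
                try:
                    digest = hashlib.md5(archive.read(info)).hexdigest()
                    if digest == known_md5.lower():
                        reasons.append("md5-match")
                except (zipfile.BadZipFile, NotImplementedError):
                    reasons.append("unreadable-member")
            if reasons and info.file_size == known_size:
                reasons.append("size-match")  # corroborates, never flags alone
            if reasons:
                findings[info.filename] = reasons
    return findings

def constructed_sample():
    """Constructed test archive: harmless bytes under a matching file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("0123456789_02152013.exe", b"constructed placeholder")
        z.writestr("readme.txt", b"benign")
    return buf.getvalue()
```

A name or extension hit is enough to quarantine the message for review; the MD5 only confirms this one sample and will miss repacked variants.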
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: ADP Payroll Invoice for week ending 02/15/2013 - 04920
Message Body:
Your ADP Payroll invoice for last week is attached for your review. If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended mailbox.
Source: Cisco