- Popular
- Most Talked-About

Online Threat Alerts (OTA)

An anti-cybercrime community alerting the public to web or internet threats.

Categories

» Latest Online Alerts
» Trending Now
» Recently Talked-About
» What You Commented On
» Saved Alerts
» On This Day
» Yesterday's Most Popular
» Yesterday's Most Recommended
» Yesterday's Most Talked-About
» This Week's Most Popular
» This Week's Most Talked-About
» This Week's Most Recommended
» Last Week's Most Popular
» Last Week's Most Talked-About
» Last Week's Most Recommended
» This Month's Most Popular
» This Month's Most Recommended
» This Month's Most Talked-About
» Last Month's Most Popular
» Last Month's Most Recommended
» Last Month's Most Talked-About
» This Year's Most Popular
» This Year's Most Talked-About
» This Year's Most Recommended
» Last Year's Most Popular
» Last Year's Most Recommended
» Last Year's Most Talked-About
» All-Time Most Popular
» All-Time Most Recommended
» All-Time Most Talked-About
» Emergency or Crisis
» Facebook - Whatsapp
» Fake Anti-Spyware - Virus - Optimization Software
» Hacking - Cyber-attacks
» Hoax - Fake-News - Pranks - Chain Letters
» Kidnappings or Missing Persons
» Lottery - Donation - Inheritance Scams - Ponzi Schemes
» Phishing - Scamming - Fraud - Identity Theft
» Potentially Unwanted Programs (PUP)
» Quiz - Trivia
» Spamming - Adware
» Suspicious
» Useful - Informative
» Virus - Malware - Trojan - Ransomware - Spyware
» Public Review Community
» Web Browser Hijacking
» Questions and Answers
» Word Definition
» Content Removal Request

"ADP FedEx Shipment Notification" Malicious Email

Comments: 6
Views: 4,316
Save
Updated: Mar. 13, 2013 2013-03-13T16:00:15
Posted: Mar. 13, 2013 2013-03-13T12:36:40
Online Threat Alerts (OTA)

If you have received the email message below: "ADP - FedEx Shipment Notification," please delete it. This is because, the email which is being sent by cyber criminals, has a malicious Trojan horse attached. The malicious attachment is a Zip or compressed file with the name ADP_PAYROL_19289981.zip. This zip or compressed file contains the malicious executable Trojan horse file with the name ADP_PAYROL_19289981.exe.

The Malicious Email ADP - FedEx Shipment Notification

From: Roger_Johnson@adp.com [mailto:Roger_Johnson@adp.com]
Sent: Wednesday, March 13, 2013 11:28 AM
To: ****
Subject: ADP - FedEx Shipment Notification

Your payroll document(s) were shipped by ADP on 03/13/2013 via FedEx.

Please use the FedEx shipment tracking number(s) below to monitor the location of your payroll package(s).

You can access this information by simply clicking on your FedEx tracking number(s).

For more details, please download the attached file.

If you have any questions regarding this email you may contact me by using the information below.

Sincerely,

Roger_Johnson
888/220-5023
Roger_Johnson@adp.com

The names of both zip and Trojan file names may change. The file names will have the naming format: ADP_PAYROL_???.zip, with the characters “???” replaced with randomly generated numbers.

Do not open any attachments with the filename starting with or containing the name ADP_PAYROL. The email was not sent from ADP.com although it appears to because the “From” address is Roger_Johnson@ adp.com. This e-mail address may also change to something at adp.com.

The malicious file ADP_PAYROL_19289981.exe was scanned with 45 antivirus software and 10 detect the Trojan. This 10 antivirus software are able to remove this threat.

Here are the results of the scans:

File name: ADP_PAYROL_19289981.exe
File type: Win32 EXE
Detection ratio: 10 / 45

Antivirus Threat

AhnLab-V3 --- Trojan/Win32.Tepfer

BitDefender --- Trojan.Generic.KDZ.10693

CAT-QuickHeal --- (Suspicious) - DNAScan

Commtouch --- W32/Trojan.RZUA-2634

Fortinet --- W32/Kryptik.KZ!tr

GData --- Trojan.Generic.KDZ.10693

Kaspersky --- UDS:DangerousObject.Multi.Generic

Malwarebytes --- Malware.Packer.SGX3

MicroWorld-eScan --- Trojan.Generic.KDZ.10693

PCTools --- Suspicious.Cloud.7.L

Never open any application files (file with the extension .EXE) sent as an e-mail attachment. Click here to view a list of e-mail attachments you should never open.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (1)
No (0)

Share this with others:

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

March 13, 2013 at 5:35 PM by info
This malware is a Trojan horse. A Trojan horse allows unauthorized remote access to a user's computer. With this access, a cybercriminal can use it to steal information, spy on the user or even use the user's computer to carry out other malicious activites.
remove
March 13, 2013 at 5:02 PM by an anonymous user from: Modesto, California, United States
Any additional information on what this particular virus/malware does?
remove
March 13, 2013 at 4:17 PM by an anonymous user from: Modesto, California, United States
Thank you.in our specific case there are a number of share folders renamed from filename to filename.exe, along with added folders and executables. Is this process undone with the quarantine?
Running scans now.
remove
March 13, 2013 at 3:53 PM by info
All the 10 antivirus software listed in the article (in green) are currently able to detect and successfully clean the threat.
remove
March 13, 2013 at 3:33 PM by an anonymous user from: Modesto, California, United States
Any clarification of the AntiVirus software that detected and successfully cleaned the threat would be helpful.
remove
March 13, 2013 at 3:33 PM by an anonymous user from: Ashburn, Virginia, United States
Sincerely,
Cynthia_Ali
888/220-8021
Cynthia_Ali@adp.com
My message included the above but was sent from this person. This article was very helpful, thanks!
remove