Warning! JavaScript is turned off or disabled! Some features on this website will not work.
»

Beware of "ADP FedEx Shipment Notification" Malicious Email

Updated: March 13, 2013 2013-03-13T16:00:15 - Posted: March 13, 2013 - Views: 4,268 - Comments: 6  +
Beware of "ADP FedEx Shipment Notification" Malicious Email
Would you recommend this article to someone?  Yes (1)     No (0)   

If you have received the email message below: "ADP - FedEx Shipment Notification," please delete it. This is because, the email which is being sent by cyber criminals, has a malicious Trojan horse attached. The malicious attachment is a Zip or compressed file with the name ADP_PAYROL_19289981.zip. This zip or compressed file contains the malicious executable Trojan horse file with the name ADP_PAYROL_19289981.exe.

Please continue below.

The Malicious Email ADP - FedEx Shipment Notification

From: Roger_Johnson@adp.com [mailto:Roger_Johnson@adp.com]
Sent: Wednesday, March 13, 2013 11:28 AM
To: ****
Subject: ADP - FedEx Shipment Notification

Your payroll document(s) were shipped by ADP on 03/13/2013 via FedEx.

Please use the FedEx shipment tracking number(s) below to monitor the location of your payroll package(s).

You can access this information by simply clicking on your FedEx tracking number(s).

For more details, please download the attached file.

If you have any questions regarding this email you may contact me by using the information below.

Sincerely,

Roger_Johnson
888/220-5023
Roger_Johnson@adp.com

The names of both zip and Trojan file names may change. The file names will have the naming format: ADP_PAYROL_???.zip, with the characters “???” replaced with randomly generated numbers.

Do not open any attachments with the filename starting with or containing the name ADP_PAYROL. The email was not sent from ADP.com although it appears to because the “From” address is Roger_Johnson@ adp.com. This e-mail address may also change to something at adp.com.

The malicious file ADP_PAYROL_19289981.exe was scanned with 45 antivirus software and 10 detect the Trojan. This 10 antivirus software are able to remove this threat.

Here are the results of the scans:

File name: ADP_PAYROL_19289981.exe
File type: Win32 EXE
Detection ratio: 10 / 45

Antivirus Threat

  • AhnLab-V3 --- Trojan/Win32.Tepfer
  • BitDefender --- Trojan.Generic.KDZ.10693
  • CAT-QuickHeal --- (Suspicious) - DNAScan
  • Commtouch --- W32/Trojan.RZUA-2634
  • Fortinet --- W32/Kryptik.KZ!tr
  • GData --- Trojan.Generic.KDZ.10693
  • Kaspersky --- UDS:DangerousObject.Multi.Generic
  • Malwarebytes --- Malware.Packer.SGX3
  • MicroWorld-eScan --- Trojan.Generic.KDZ.10693
  • PCTools --- Suspicious.Cloud.7.L

Never open any application files (file with the extension .EXE) sent as an e-mail attachment. Click here to view a list of e-mail attachments you should never open.

Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

Comments, Questions and Reviews
(Total: 6)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

  • Posted: Mar 13, 2013 by info

    This malware is a Trojan horse. A Trojan horse allows unauthorized remote access to a user's computer. With this access, a cybercriminal can use it to steal information, spy on the user or even use the user's computer to carry out other malicious activites.

    delete


  • Posted: Mar 13, 2013 by an anonymous user from or near: Tracy, California, United States

    Any additional information on what this particular virus/malware does?

    delete


  • Posted: Mar 13, 2013 by an anonymous user from or near: Tracy, California, United States

    Thank you.in our specific case there are a number of share folders renamed from filename to filename.exe, along with added folders and executables. Is this process undone with the quarantine?

    Running scans now.

    delete


  • Posted: Mar 13, 2013 by info

    All the 10 antivirus software listed in the article (in green) are currently able to detect and successfully clean the threat.

    delete


  • Posted: Mar 13, 2013 by an anonymous user from or near: Tracy, California, United States

    Any clarification of the AntiVirus software that detected and successfully cleaned the threat would be helpful.

    delete


  • Posted: Mar 13, 2013 by an anonymous user from or near: Acworth, Georgia, United States

    Sincerely,

    Cynthia_Ali
    888/220-8021
    Cynthia_Ali@adp.com

    My message included the above but was sent from this person. This article was very helpful, thanks!

    delete


Show More of the 6 Comments

Write Your Comment, Question or Review

Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.
View more...
View more...
View more...

View more...

My Account About us Advertise with us Donate to OTA Report Cyber Threats RSS Feed Contact us Terms and Conditions Privacy Policy

This site uses cookies to offer you a complete experience. Learn more.

Copyright © 2012 - 2018 - Online Threat Alerts.