The Malicious Email ADP - FedEx Shipment Notification
From: Roger_Johnson@adp.com [mailto:Roger_Johnson@adp.com]
Sent: Wednesday, March 13, 2013 11:28 AM
Subject: ADP - FedEx Shipment Notification
Your payroll document(s) were shipped by ADP on 03/13/2013 via FedEx.
Please use the FedEx shipment tracking number(s) below to monitor the location of your payroll package(s).
You can access this information by simply clicking on your FedEx tracking number(s).
For more details, please download the attached file.
If you have any questions regarding this email you may contact me by using the information below.
The names of both the zip file and the Trojan file may change. The file names have the format ADP_PAYROL_???.zip, with the characters “???” replaced with randomly generated numbers.
Do not open any attachment whose file name starts with or contains ADP_PAYROL. The email was not sent from ADP.com, although it appears to have been because the “From” address is Roger_Johnson@adp.com. This e-mail address may also change to another address at adp.com.
The malicious file ADP_PAYROL_19289981.exe was scanned with 45 antivirus products, and 10 of them detected the Trojan. These 10 antivirus products are able to remove this threat.
Here are the results of the scans:
File name: ADP_PAYROL_19289981.exe
File type: Win32 EXE
Detection ratio: 10 / 45
- AhnLab-V3 --- Trojan/Win32.Tepfer
- BitDefender --- Trojan.Generic.KDZ.10693
- CAT-QuickHeal --- (Suspicious) - DNAScan
- Commtouch --- W32/Trojan.RZUA-2634
- Fortinet --- W32/Kryptik.KZ!tr
- GData --- Trojan.Generic.KDZ.10693
- Kaspersky --- UDS:DangerousObject.Multi.Generic
- Malwarebytes --- Malware.Packer.SGX3
- MicroWorld-eScan --- Trojan.Generic.KDZ.10693
- PCTools --- Suspicious.Cloud.7.L
Never open any application files (files with the extension .EXE) sent as e-mail attachments.
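The two checks described above (the ADP_PAYROL name pattern and executable attachments, including an executable packed inside a zip) can be automated at a mail gateway. The Python below is an added example, not code from the original article; the function names, the zip file name and the sample message are constructed for illustration, and the attachment holds harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Pattern from the advisory: ADP_PAYROL_ followed by random digits.
# search() is used so names "starting with or containing" the string match.
LURE = re.compile(r"ADP_PAYROL_\d+", re.IGNORECASE)

def scan_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the advisory's traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE.search(name):
            findings.append(f"attachment name matches lure pattern: {name}")
        if name.lower().endswith(".exe"):
            findings.append(f"executable attachment: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            # Only the member list is read; nothing is extracted to disk.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip attachment: {name}")
            continue
        for member in members:
            if member.lower().endswith(".exe"):
                findings.append(f"executable inside {name}: {member}")
    return findings

def build_sample() -> bytes:
    """Constructed sample message; the 'exe' is placeholder text, not the Trojan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ADP_PAYROL_19289981.exe", b"placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "Roger_Johnson@adp.com"  # display address only; easily spoofed
    msg["Subject"] = "ADP - FedEx Shipment Notification"
    msg.set_content("For more details, please download the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="ADP_PAYROL_19289981.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(scan_message(build_sample())))
```

The check deliberately ignores the "From" header, since the advisory notes that the sender address only appears to be at adp.com and may change.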
Note: Some of the information in samples on this website may have been impersonated or spoofed.