ADP Payroll Invoice Spam/Virus

There’s a very successful spam campaign out now spoofing legitimate ADP payroll invoice emails. They most commonly arrive as:

Subject:     Payroll Invoice
From:     “payroll@adp.com”

In reality, they come from previously infected personal computers spanning the globe.

An example of the above:

from 60-240-131-86.static.tpgi.com.au ([60.240.131.86])

(envelope-from <photojournalistvi@wetleather.com>)

It doesn’t take a trained email professional to realize that’s not ADP emailing.

Unfortunately, as easy as it may be for some to realize these emails are bogus, many users are still tricked into believing the emails are authentic ADP communications.

The messages themselves advise:

A copy of your ADP TotalSource Payroll Invoice for the following payroll is is attached in PDF file and available for viewing.

Please open attached file to view and check following payrol

Here’s a screen shot of an actual example email:

ADP Payroll Virus


This simple email carries two attachments, one a zip file and one an executable program (.exe extension):

invoice.zip  88,876  bytes
invoice_91347293472937584_8239748239aa.pdf.exe    100862   bytes

Note that the invoice number is randomized in an attempt to foil simple spam and virus filtering systems.
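Because the invoice number changes per message, a filter has to match on structure rather than on the exact file name. The following is an added example, not part of the original post or of OnlyMyEmail's filter: it flags the From/envelope-sender mismatch and the document-then-executable extension shown above. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Document-looking extension immediately followed by an executable one.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt|jpg)\.(exe|scr|com|pif|bat)$", re.I)

def domain(value):
    """Lower-cased domain part of an address, or '' if there is none."""
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_message(raw, envelope_from):
    """Return a list of findings for one message.

    raw: RFC 5322 message text; envelope_from: the SMTP MAIL FROM value
    recorded by the receiving server.
    """
    msg = message_from_string(raw)
    findings = []
    hdr, env = domain(msg.get("From", "")), domain(envelope_from)
    if hdr and env and hdr != env:
        findings.append(f"From domain {hdr} differs from envelope sender {env}")
    for part in msg.walk():
        name = part.get_filename()
        if name and DOUBLE_EXT.search(name):
            findings.append(f"executable with document-style name: {name}")
    return findings

# Constructed sample built from the header values and file name quoted above.
SAMPLE = """\
From: payroll@adp.com
Subject: Payroll Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open attached file
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice_91347293472937584_8239748239aa.pdf.exe"

(placeholder body)
--b1--
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "photojournalistvi@wetleather.com"):
        print(finding)
```

A From/envelope mismatch on its own is a weak signal, since mailing lists and bulk senders legitimately use a different bounce domain; the double-extension check is the stronger of the two.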

When the user launches these files, the machine is infected and joins the spam-spewing bot army that reports to the virus originator's command and control.

For whatever reason, this virus campaign has been especially successful (despite spelling errors) in tricking users into believing the messages are legitimate, even after being blocked and clearly labeled as a virus.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
