Cybercriminals are sending malicious emails that purport to come from payroll services firms in order to install malware on the computers of payroll administrators at various companies, according to researchers from the SANS Internet Storm Center (ISC).
“For the past couple of weeks, companies that offer outsourced payroll management services have seen their names being abused for phishing scams,” SANS incident handler Daniel Wesemann said in a blog post. “One prominent example is ADP, whose website currently alerts their customers to four different samples of phishing emails that claim to be from ADP.”
In the most recent attack, criminals sent spoofed emails to ADP’s customers claiming that the digital certificates they use to access the company’s Internet services were about to expire. The email recipients were instructed to renew their certificates by clicking on a link that appeared to lead to ADP’s website. However, the link actually directed users to an attack site that tried to exploit vulnerabilities in outdated browser plug-ins in order to infect their computers with malware.
“ADP’s Global Security Organization has received numerous reports regarding fraudulent emails referring to ‘ADP Generated Message: First Notice – Digital Certificate Expiration’,” ADP said in a security alert posted on its website. “ADP is working with our security vendors and fraud prevention team to identify and contain the source(s) of these emails.”
One of the exploits targets a Java vulnerability identified as CVE-2012-1723 that was patched by Oracle in June. According to a researcher with the Microsoft Malware Protection Center, Web-based attacks are increasingly targeting this flaw. The CVE-2012-1723 exploit used in the ADP attack has a low detection rate on VirusTotal, an online file scanning service that uses 41 antivirus engines, Wesemann said. “The main reason for this seems to be that the exploit packs are encoded.”
Automatic Data Processing (ADP) is a U.S.-based provider of outsourced business services, including payroll management, with approximately 600,000 clients.
Complete article posted at IT World.