Last week we reported that fake ADP Security Management emails were making the rounds, luring users to malware-serving websites.
Today, on July 9, a new variant has been spotted, warning recipients that their certificates are about to expire.
Apparently originating from firstname.lastname@example.org, the shady notifications bear the subject “ADP Generated Message: First Notice - Digital Certificate Expiration.”
Here’s what the body of the message looks like:
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY. If you have any questions, please contact your administrator for assistance.
Digital Certificate About to Expire
The digital certificate you use to access ADP's Internet services is about to expire. If you do not renew your certificate by the expiration date below, you will not be able to access ADP's Internet services.
Days left before expiration: 2
Expiration date: Jul 11 23:59:59 GMT-03:59 2012
The recipient is then urged to visit a couple of links that allegedly lead to webpages where the certificate can be renewed. Also, the notice contains instructions on “deleting your old digital certificate.”
In this case, the fraudsters try to induce a state of urgency by warning potential victims that there are only two days left.
While links comprised in the email apparently point to adp.com domains, in reality they lead to compromised websites that serve a Trojan identified by ESET as TrojanDownloader.HackLoad.AH. The sample we’ve analyzed involves the site of a Canadian law firm.
We have contacted the company in question and their webmaster will hopefully address this issue as soon as possible. In the meantime, users are advised to beware of such emails.
They may appear to be highly legitimate, but in reality, they can cause a lot of problems for those who fall victims in the traps they set.