Fake ADP Speedy Notifications entitled “ADP Immediate Notifications” are currently making the rounds, attempting to trick recipients into visiting BlackHole exploit kit-hosting websites.
The emails inform users that their “complete account activity summary” has been uploaded to the website.
Those who click on the link are served a variant of the Cridex worm (currently detected only by 24 antivirus engines), which in turn drops another piece of malware detected as PWS:Win32/Fareit.
According to Webroot, the main concern about these malicious websites is that they host the latest version of BlackHole, which includes the recently uncovered Java 7 exploit.
Oracle has addressed this vulnerability with an out-of-band patch released on Monday, so Java users are advised to update immediately. On the other hand, since there are some unfixed holes in Java, experts advise those who don’t need the application to remove it altogether.