The Trojan attached to the malicious emails is detected by only a dozen antiviruses

Mar 5, 2013 10:38 GMT  ·  By

MX Lab experts are warning users to be on the lookout for bogus ADP TotalSource notifications designed to distribute a piece of malware.

Apparently originating from “[email protected],” the emails bear the subject “ADP TotalSource Automated Payroll Invoice Notification.”

The .zip file that’s attached to the emails, called ADP-TotalSource-Payroll- Invoice-B34519A60357, appears to be a harmless PDF but, in reality, it’s a Trojan that’s currently identified by only 12 antivirus solutions.

Here’s what the body of these emails looks like:

“A copy of your ADP TotalSource Payroll Invoice for the following payroll is is attached in PDF file and available for viewing.

Year: 13 Week No: 08 Payroll No: 1

Please open attached file to view and check following payroll

This email was generated by an automated notification system. If you have any questions regarding the invoice or you have misplaced your MyTotalSource login information, please contact your Payroll Service Representative.

Please do not reply to the email directly. © 2007 Automatic Data Processing, Inc.”