A new malware threat has been working its way around the web over the last 48 hours. We have started seeing instances of a malicious piece of spam hit our servers. The emails are meant to appear as an invoice from ADP that includes a PDF file. The email appears with a subject of FW: Invoce_XXXXXXX or Past Due ADP Invoice. The invoice number is different in each email, as is the name of the sender. In most cases, the email appears to be coming from an @sage.co.uk email address.
This particular spam campaign appears to be another one from the current Zbot runs, which try to drop CryptoLocker, ransomware and other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. This particular email would look familiar to those in the financial and business community. A very high proportion are being targeted at small and medium-sized businesses, in the hope of getting a better response than they do from normal everyday people.
Based on information we have seen and received, most of these have a password-stealing component, with the aim of stealing your email login credentials. Many of them are also designed specifically to steal Facebook and other social network login details. These emails contain a genuine PDF, which is why they slip through some spam filters. However, the file is malformed and contains a script virus, and it can infect you with no action on your part other than previewing the PDF in your browser or within a PDF reader. It depends on which version of Adobe Reader you use, but older ones are definitely vulnerable to this exploit. We strongly urge you to make sure you are using the most recent version of Adobe Reader. You can find a bulletin for the most recent security updates for Adobe Reader here
Below you will find some examples of the emails for a helpful reference in identifying them:
We are currently taking steps to adjust the filters on our end to capture similar emails going forward. If at any time you are skeptical of an email you have received, please feel free to reach out to us for assistance. You can also find some additional steps on how to handle suspicious emails here. As we all have seen or heard, this type of malicious activity is becoming increasingly common, especially against organizations with established, trusted brands.
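For administrators who run their own mail filtering, the traits described above (the two subject lines, an ADP-themed message from a non-ADP sender, and a PDF carrying script or auto-run objects) can be checked together. The following is an added example, not Redtail's filter; the `adp.com` allow-domain, the PDF marker list, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subjects quoted in the alert ("Invoce" is the campaign's own spelling).
SUBJECT_RE = re.compile(r"^(FW:\s*Invoce_\w+|Past Due ADP Invoice)\s*$", re.I)
# PDF name objects for embedded script / auto-run actions (triage heuristic only).
PDF_ACTIVE_RE = re.compile(rb"/(JavaScript|JS|OpenAction|Launch)\b")
BRAND_DOMAIN = "adp.com"  # assumption: the domain accepted as genuine ADP mail

def score_message(raw: bytes) -> list:
    """Return the campaign traits (as labels) found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).strip()
    if SUBJECT_RE.match(subject):
        reasons.append("subject-pattern")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = subject + " " + (body.get_content() if body else "")
    genuine = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    if re.search(r"\bADP\b", text) and not genuine:
        reasons.append("brand-sender-mismatch")
    for part in msg.iter_attachments():
        is_pdf = (part.get_content_type() == "application/pdf"
                  or (part.get_filename() or "").lower().endswith(".pdf"))
        if is_pdf and PDF_ACTIVE_RE.search(part.get_payload(decode=True) or b""):
            reasons.append("pdf-active-content")
    return reasons

def build_sample(subject, sender, body, pdf):
    """Constructed test message; not a captured sample from the campaign."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, "user@example.com"
    msg.set_content(body)
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_bytes()

SUSPECT = build_sample("FW: Invoce_1234567", "Jane Doe <jane.doe@sage.co.uk>",
                       "Your ADP invoice is attached.",
                       b"%PDF-1.4\n1 0 obj<</OpenAction 2 0 R>>endobj\n%%EOF")
CLEAN = build_sample("March statement", "Billing <billing@example.com>",
                     "Statement attached.",
                     b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n%%EOF")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(name, score_message(raw))
```

The PDF check only scans uncompressed bytes for name objects, so treat a hit as a reason to quarantine and a miss as inconclusive.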
To receive email notices when new alerts are posted, please go to Forums > Using Redtail Email > Spam Alerts with Redtail's helpdesk and click the Subscribe option in the forum header above. Note: Make sure you are not within the actual article when selecting to subscribe, as this will only subscribe you to that particular article.
For a reference, see screen capture below: