SANS Warns of Malicious Payroll Spam

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Researchers at the SANS Internet Storm Center (ISC) are warning of phishing e-mails that claim to come from payroll services companies but are designed to infect recipients' computers with malware.

"Few things are as juicy for the bad guys as getting a key-logger onto the computer of someone who manages payroll," notes SANS incident handler Daniel Wesemann. "HR/payroll employees tend to have access to personal data of staff and usually have some form of access to a well-stocked bank account that is used to pay the wages."

"In the most recent attack, criminals sent out rogue emails to ADP's customers claiming that the digital certificates they use to access the company's Internet services were about to expire," writes PCWorld's Lucian Constantin. "The email recipients were asked to renew their certificates by clicking on a link that appeared to lead to ADP's website."

"But the link provided for 'renewing your digital certificate' instead routes a user to multiple websites, ending in a site that delivers multiple exploits, including one that targets a Java runtime environment (JRE) vulnerability, CVE2012-1723," writes InformationWeek's Mathew J. Schwartz. "That vulnerability was patched by Oracle on June 13, but it apparently remains widely unpatched."

"[Wesemann] advises companies to make sure that the Java hole in question is patched, that ... employees are again put through training that will allow them to spot phishing attempts such as these, and to make them carefully check out email logs for messages coming from the outsourced payroll provider in order to spot emails that say they are but they don't," writes Help Net Security's Zeljka Zorz.