ADP Immediate Notification emails leads to sites with obfuscated Javascript


MX Lab, http://www.mxlab.eu, started to intercept a new campaign with the subject “ADP Immediate Notification” targeting ADP users.

The email is send from the spoofed address and has the following body:

The URL points in our sample to hxxp://sk-clan.eu5.org/redirectng.htm showing the message “Please wait a moment... You will be forwarded.” and redirects the visitor towards hxxp://demoralization.ru:8080/forum/links/column.php where obfuscated Javascript is being used to check the system for vulnerabilities.

MX Lab recommends therefore not to click on the embedded URLs in this type of messages.

One thought on “ADP Immediate Notification emails leads to sites with obfuscated Javascript

Comments are closed.