Payroll admins targeted by dangerous Java exploit
Criminals are targeting customers of outsourcer ADP with a dangerous Java exploit in a bid to steal employee personal and financial details.
The phishing attacks attempt to direct company payroll administrators to malicious websites rigged with exploit kits, including the recently patched Java Runtime Environment (JRE) HotSpot hole (CVE-2012-1723).
The kits were encrypted and detected by only eight of the 41 anti-virus vendors on VirusTotal. One attack reported by some of ADP’s 600,000 customers attempted to con users with warnings that the company’s digital certificate was close to expiry.