[Update: reposted at http://blog.eset.com/2010/10/17/fake -adobe-updates-2 and updated with an edited version of the email at http://blog.eset.com/2010/10/17/fake-adobe-update-update .]
My good friend David Phillips, AV guru at the Open University, called my attention to this.
An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out: of course, it’s a fake, linking to a site that isn’t Adobe’s. I haven’t seen the message and I don’t have the link for this one, but I suspect that it’s related to the message reported here a week or two ago, relating to something called Adobe Reader Pro, and including a number of malicious links. Again, I don’t know which specific links have been associated with that email, but similar names have cropped up in other scams, relating to products which may or may not be genuine, but primarily aimed at getting subscribers (complete with credit card information) to spurious software providers. See:
David also notes that the reply address was a little unconvincing: xxxxxxx-bxszrjvbgyaue0au9qucvqcc5k64me(at)grandparents.chtah.xxx…
So, what can we learn from this? ;-)
2) Even if you’re subscribed to one of the lists Adobe does maintain to communicate with “opted-in” readers (for example on security updates), don’t assume that every message you receive like this comes from that source. In this instance, checking the target link and the reply address are red flags 2 and 3.
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow