Posted by: David Harley | October 17, 2010

Fake Adobe Updates

[Update: reposted at http://blog.eset.com/2010/10/17/fake-adobe-updates-2 and updated with an edited version of the email at http://blog.eset.com/2010/10/17/fake-adobe-update-update .]

My good friend David Phillips, AV guru at the Open University, called my attention to this.

An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out: of course, it’s a fake, linking to a site that isn’t Adobe’s. I haven’t seen the message and I don’t have the link for this one, but I suspect that it’s related to the message reported here a week or two ago, relating to something called Adobe Reader Pro, and including a number of malicious links. Again, I don’t know which specific links have been associated with that email, but similar names have cropped up in other scams, relating to products which may or may not be genuine, but primarily aimed at getting subscribers (complete with credit card information) to spurious software providers. See:

http://blog.eset.com/2010/06/06/paying-for-free-software 
http://blog.eset.com/2009/03/18/fake-av-spam

David also notes that the reply address was a little unconvincing: xxxxxxx-bxszrjvbgyaue0au9qucvqcc5k64me(at)grandparents.chtah.xxx…

Hmmm.

So, what can we learn from this? ;-) 

1) Adobe doesn’t send out unsolicited stuff like this, even when it concerns security patches and the like. If you’re not subscribed to one of their lists, that’s red flag number one. See also:

http://blog.eset.com/2010/05/06/fake-adobe-updates

2) Even if you’re subscribed to one of the lists Adobe does maintain to communicate with “opted-in” readers (for example on security updates), don’t assume that every message you receive like this comes from that source. In this instance, checking the target link and the reply address turns up red flags 2 and 3.
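
The checks behind red flags 2 and 3 can be scripted. The sketch below is an added example, not part of the original post: it reports sender, reply and link domains that are neither adobe.com nor a subdomain of it. The sample headers are constructed (mailer.example is a placeholder), the link is the one quoted in a reader comment on this page, and treating adobe.com as the only legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"adobe.com"}  # assumption: the vendor's only legitimate domain
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def belongs_to(host, trusted=TRUSTED):
    """True only for a trusted domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw, brand="adobe"):
    """Return a list of (flag, value) pairs for a plain-text message."""
    msg = message_from_string(raw)
    flags = []
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = addr_domain(msg.get("From"))
    if brand in display and not belongs_to(from_dom):
        flags.append(("from-domain", from_dom))
    reply_dom = addr_domain(msg.get("Reply-To"))
    if reply_dom and not belongs_to(reply_dom):
        flags.append(("reply-to-domain", reply_dom))
    for url in sorted(set(URL_RE.findall(msg.get_payload()))):
        host = urlsplit(url).hostname or ""  # .hostname skips any user@ prefix
        if not belongs_to(host):
            kind = "lookalike-link" if brand in host else "foreign-link"
            flags.append((kind, host))
    return flags

# Constructed sample: headers are invented; the link is the one from the comment.
SAMPLE = """\
From: Adobe Incorporated <news@mailer.example>
Reply-To: bounce-0001@lists.mailer.example
Subject: Adobe Acrobat Reader latest version released ! Upgrade Available Now

To get more and upgrade to this version, go to :
http://www.adobe-new-updates.com
"""

if __name__ == "__main__":
    for flag, value in red_flags(SAMPLE):
        print(f"{flag:16} {value}")
```

The comparison is on the whole host name, so a brand name that merely appears somewhere in the domain does not count as a match.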

David Harley CITP FBCS CISSP
Small Blue-Green World
Mac Virus
ESET
Senior Research Fellow


Responses

  1. [...] Phillips have kindly sent me the full text of the fake Adobe update messages I previously mentioned here and here. Here it is, without some of the extraneous and in some cases dangerous [...]

  3. I took a screen print of the latest fake Adobe Reader scam but obviously I can’t insert it here. So here’s the text in 8pt and made single lines.
    Mon, 28 February, 2011 14:32:10
    Adobe Acrobat Reader latest version released ! Upgrade Available Now
    From: Adobe Incorporated
    Add to Contacts
    To: xxxx
    ________________________________________
    Dear xxxx,
    Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
    http://www.adobe-new-updates.com

    What’s new in this version :

    * Read, search, and share PDF files.
    * Convert to PDF.
    * Export and edit PDF files
    * Add rich media to PDF files
    * Combine files from multiple applications
    * Increase productivity and process consistency
    * Streamline document reviews
    * Collect data with fillable PDF forms
    * Protect PDF files and content
    * Comply with PDF and accessibility standards

    To get more and upgrade to this version, go to :
    http://www.adobe-new-updates.com

    Start downloading the update right now and let us know what you think about it.
    We’re working on making Adobe Acrobat Reader better all the time !
    Talk soon,
    The people at Adobe

    Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

    I didn’t click on it THIS time. Fingers crossed that my anti-virus program has kept me safe because I admit to having been caught earlier, until I got suspicious when the same offers kept coming.

    • @scribecr57 Thanks for that information. As well as the fake updates and fake apps, there are increasing numbers of sites that invite you to pay for free software. I don’t know which of these, if any, this one belongs to, but some of them are pretty hard to distinguish from the real thing. And, of course, some of them have domain names that are pretty close to the real thing, and the registration data are often fairly believable. I might come back to this in a post later.

