Fake Adobe update is circulating

Amid reports of Adobe’s recent zero-day vulnerability, users have been urged to update to the newest version. Unfortunately, scammers are using this as an opportunity to target users.

The warning comes from Cloudmark researcher Jamie Tomasello, who writes in the company blog about spam advertising an upgrade to Adobe Acrobat Reader.

"Do not download now," he writes. His post includes images of the scam message, which is made to look like an official Adobe message. It includes two links urging people to download the latest version. Clearly, Tomasello writes, "the bad guys are trying to get unknowing users to give up their credit card information."

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

He continues:

Links contained within emails with the subject line “Action required : Upgrade New Adobe Acrobat Reader For Your PC” do not lead you to an official Adobe website. The message may seem legitimate to the unknowing recipient since the URLs in spam and the initial landing page contain the word "adobe" in the domain. Similar to the campaign outlined by MX Lab in September 2010, the links take you to malicious web sites asking for your credit card information.

Once you click on the “Download Now” button, you are redirected to secureonlineweb.su to provide your contact information and your credit card details.

Our samples, as well as reports elsewhere, show this scam being sent by otherwise legitimate ESPs (Email Service Providers) – as noted by MX Lab, Mailchimp has been victimized this way in the past, and the current batch of scam spam is coming from Silverpop.

Adobe is aware of these campaigns and has been advising recipients to delete these messages upon receipt. To download Adobe Reader directly from Adobe, visit http://get.adobe.com/reader/.Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

And now you know.

My thanks to Matt Grant for flagging this one.

--Bill Brenner

Copyright © 2011 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022