My good friend David Phillips, AV guru at the Open University, called my attention to this. I originally posted it at Chainmailcheck, but I thought it would probably be of interest to readers here, too.

An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out recently: of course, it’s a fake, linking to a site that isn’t Adobe’s.

I haven’t seen the full message and I don’t have the link it includes, but I suspect that it’s related to the message reported here a week or two ago, relating to something called Adobe Reader Pro. That mail, reported to an Adobe forum, apparently includes a number of malicious links. Similar names have cropped up in other scams relating to products which may or may not be genuine (open source software is a common target). However, the mails I've seen are from spurious software providers and are primarily aimed at getting subscribers and, of course, their credit card information. See:

David also notes that the reply address was a little unconvincing:

xxxxxxx-bxszrjvbgyaue0au9qucvqcc5k64me(at)grandparents.chtah.xxx…

Hmmm.

So, what can we learn from this?  

Adobe doesn’t send out unsolicited stuff like this, even when it concerns security patches and the like. If you’re not subscribed to one of their lists, that’s red flag number one. See also:

https://www.welivesecurity.com/2010/05/06/fake-adobe-updates

Even if you’re subscribed to one of the lists Adobe does maintain to communicate with “opted-in” readers (for example on security updates), don’t assume that every message you receive like this comes from that source. In this instance, the target link and the reply address are red flags 2 and 3: check both.
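
The checks behind red flags 2 and 3, written out in Python as an added example that is not part of the original post. The sample message, its addresses and its URLs are constructed placeholders, and the allow-list of genuine Adobe domains is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the named brand really mails from and links to.
BRAND_DOMAINS = {"adobe": {"adobe.com"}}

# Constructed sample message; every address and URL is a placeholder.
SAMPLE = """\
From: "Adobe" <newsletter@adobe.com>
Reply-To: upd-7f3k2@mailer.example.net
Subject: ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION
Content-Type: text/html

<p>Upgrade now: <a href="http://adobe.com.example.org/get">www.adobe.com</a>
or read the <a href="https://www.adobe.com/security">advisory</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Gather the real href targets, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domains):
    """True only for an exact match or a genuine subdomain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in msg.get("Subject", "").lower():
            continue  # message does not claim to come from this brand
        for header in ("From", "Reply-To"):
            addr = parseaddr(msg.get(header, ""))[1]
            if addr and not belongs_to(addr.rpartition("@")[2], domains):
                flags.append(f"{header} domain mismatch: {addr}")
        links = LinkCollector()
        for part in msg.walk():
            if part.get_content_type() == "text/html":
                links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in links.hrefs:
            if not belongs_to(urlsplit(href).hostname, domains):
                flags.append(f"link target mismatch: {href}")
    return flags
```

The From header can be forged, which is why the sample passes that check while the Reply-To and the first link still give the message away; an empty result is not proof that a message is genuine.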

David Harley CITP FBCS CISSP
ESET Senior Research Fellow