We received several reports of spam email messages that advertise a new version of Adobe Acrobat, attempting to entice the recipient into clicking a link to a suspicious website. (Thanks, Steve and Bill.)
Since Adobe announced a new version of Adobe Reader a few days ago, we expect to see an increase in spam proclaiming security advantages of the new version and encouraging people to upgrade. It's likely that the new messages will even highlight the improved security of the new version (Adobe Reader X) as an element of social engineering.
At the moment, Adobe Acrobat/Reader spam is not yet using the Reader X designation, but talks about "Adobe Acrobat 2010":
Variations of these messages have been around for a few months, as Adobe confirmed on September 13. The spam that we've seen have used mostly the same text in the body of the email message, but changed email Subject lines and destination URLs:
Note that suspicious domains used as part of this campaign tend to include "adobe" as part of its name, along with incorporating hyphens.
The domains that are still active were registered with
The sites advertised as part of the spam campaign attempt to convince the person to provide his or her credit number to obtain PDF reader/writer software using a form that's hosted on
Here's what the landing pages linked from spam messages looked like:
Here's what the subsequent pages, which requested user data, looked like:
To see full-size images, visit the screen shot gallery at http://www.dropmocks.com/mKDOP.
Consider letting users in your organization know about these Adobe spam activities, so that they don't attempt to download and install software coming from an untrusted source.
-- Lenny Zeltser
Nov 22nd 2010
9 years ago