Adobe malware attack sloppiness puts a Spaniard in the works

Is there a patron saint of computer users? There should be.

After all, there are patron saints of dentists, bee keepers, and plasterers.

Well, whoever they might be, we should give thanks to them that time and time again hackers make elementary mistakes that mean (if we keep our wits about us) we can avoid our computer becoming infected.

Take this Spanish-language email which has been spammed out, for instance, claiming to point to an update for the Adobe Flash Player:

Sign up to our free newsletter.
Security news, advice, and tips.

Fake flash email

At first glance the email may look legitimate enough to any Spanish computer users receiving it in their inbox. The subject line reads “Ya hay disponible una actualizacion de Adobe Flash Player” which translates as “An update is now available Adobe Flash Player”.

But look a little more closely and you’ll see that twice in the email “Adobe” is misspelt as “Adoble”. Which I must admit makes me think more of the Spanish Paso Doble dance than the vendor of a web plug-in.

If you did make the mistake of clicking on the link embedded inside the email then you are taken to a webpage that exhorts you to download a fake update to Adobe Flash which Sophos detects as Mal/Behav-359:

Webpage encouraging users to download a malicious Flash update

Again, there’s more evidence of spelling sloppiness on the part of the hackers. See that last sentence? They’ve spelt it “requiered” rather than “required”. It’s an elementary mistake, but should ring alarm bells in your head if you’re looking out for signs that something suspicious might be going on rather than desperately downloading an update.

So how do these tiny clues and mistakes manage to sprinkle themselves into a hacker’s attack? Is there some divine intervention that is ensuring that so many cybercriminals keep making daft errors, putting a spanner in the works, and helping to tip off potential victims? Whatever the reason, I hope it continues for as long as there’s a malwre problem.

Of course, the lesson all computer users need to learn is that you should always be suspicious of unsolicited emails and always visit the vendor’s own website for legitimate updates to the likes of Adobe Flash.

Update: Julio Canto of VirusTotal has been in touch, informing me that the Spanish used in the email is of very poor quality, and so was probably created by an automatic translator.

Thanks also to Tom Meersschaut of Impakt in Belgium, who informs me that there is a patron saint of computer users! Saint Isodore of Seville.

Marvellous! You can always rely on Clu-blog readers to fill in the gaps. :)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.