Beware Adobe Software Upgrade Notification – malware attached!

Graham Cluley
Graham Cluley
@[email protected]

Adobe PDFCybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced.

The emails, which pretend to come from Adobe, have a ZIP file attached which contains a version of the Zeus Trojan horse, designed to steal banking information from compromised computers.

The risk is that less technical-savvy computer users might believe the email is legitimate, and be tricked into installing malware onto their computer thinking that it is an official Adobe update.

Bogus Adobe email has malware attached

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: Adobe Software Upgrade Notification ID: [random number]

Attached file: AdobeSystems-Software_Critica Update Dec_2011-[random].zip

Hello Dear,

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced features include:

- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today please open attached file.

Copyright 2011 Adobe Systems Incorporated. All rights reserved.
TrackNum: [random ref number]

Adobe Systems Incorporated,

Each email is slightly different, incorporating different reference numbers in the subject line, attached filename and message body. But the samples seen so far by Sophos all carry malware in the file “Adobe Systems Software Critical Update Dec 2011.exe” contained within the ZIP.

Computer users need to learn that Adobe never sends up software updates as an email attachment, and any legitimate upgrades should always be downloaded from Adobe’s own website. It’s trivial for a malicious hacker to forge an email header to trick the unwary into believing an email has been sent from someone else – so just because it claims to be from Adobe, doesn’t mean that it was sent by them.

Sophos products are detecting the ZIP file as Troj/BredoZp-GY and intercepting the messages as spam.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.