Red Condor has issued a warning for a new malware threat crafted to appear as an email thread discussing vulnerabilities in Adobe software. The campaign targets Adobe customers and consists of a fake thread of forwarded emails that begins with a security update message from an employee in “Adobe Risk Management.” The campaign warns recipients of a “Denial of Service Vulnerability” in the Adobe software and “strongly advises” that companies running the software update their systems with the “latest security patch.”
But the most convincing and potentially damaging aspect of the campaign is the structure of the forwarded thread, which is spoofed and customized per message and recipient. The thread contains what appear to be the full names and email addresses of people in higher positions in the recipient’s organization, possibly a technique to make the message and call to action seem legitimate. Embedded in the body of the email are links to a PDF file that contains the update instructions for the security patch, and an executable, which has been identified as a Trojan virus. Red Condor is the first to detect the malware campaign; the vast majority of AV engines failed to recognize the malicious download.
Red Condor advises recipients of the fake Adobe Security Update email to delete it immediately and not to click on the embedded PDF or web site links. The campaign was detected by Red Condor’s Spam Trigger filter. As with all threats captured by Red Condor, once identified, this campaign has been quarantined and reviewed and rules have been written for automatic distribution to Red Condor’s anti-spam appliance and Hosted Service customers.