Fake emails used in December 6 and December 7 attacks attempt to trick Adobe users into opening malware-laden attachments. According to two separate Sophos reports, attackers sent one email to Adobe InDesign users, and another email to Adobe Reader and X Suite users. Both emails contain attachments claiming to be part of a critical “Adobe update,” but contain malware instead. However, Adobe does not issue updates via email, and never have, according to the Adobe Online Piracy page. Following are some facts about the attacks, facts about the fake emails, and other important information.
Who did the Adobe malware attacks target?
The attacks contain similar wording, similar malware, and come only a day apart. The first attack was an email aimed at Adobe Reader and Adobe X Suite Advanced users. According to the first Sophos report, it contains the Trojan known as, “Troj/BredoZp-GY.” The second attack was an email aimed at Adobe InDesign users, and it contains the Trojan known as, “Troj~Bredo-MY,” according to the second Sophos report.
What did the fake Adobe Reader and X Suite Advanced emails say?
According to the first Sophos report, the emails to Reader and X Suite Advanced users claimed to be from Adobe Systems Incorporated, and claimed to contain a new version or a critical upgrade to an existing version located in the attached file. However, the notification reference numbers, exact message wording, and the last word in the attached file names are different in each email. The attachment file name reads, “AdobeSystems-Software_Critica Update Dec_2011,” and then a random word or number comes after it, and then the ZIP file extension (.zip) is added. In reality, this attachment contains an executable program file that Sophos determined to be a malware program with the same name, but swapping the “.zip” file extension for the “.exe” file extension.
What did the fake Adobe InDesign emails say?
According to the second Sophos report, the emails to Adobe InDesign users claimed to contain an updated license key to the Adobe InDesign Creative Suite 4 (CS4) program. Each email contains an attachment that Sophos determined to be malware-laden. The attachment is labeled, “License_key_ID,” contains a random number, and the ZIP file extension (.zip). The subject line stays the same with each of the emails and reads, “InDesign CS4 License Key,” while claiming to be from, “Adobe Systems Incorporated,” just as the Reader and X Suite Advanced attack emails do.
How dangerous is the malware contained in the emails?
According to Sophos, both Trojans create fake Windows registry keys, and create files within the “svchost.exe,” process, which is necessary for any Windows-based computer to operate normally. The Trojans were also identified as variants of the Zeus Trojan, so they are quite dangerous. According to PC World, Zeus, detected in 2006, allowed 60 of its creators to get away with stealing more than $200 million by the time they were charged with numerous crimes in 2010.
What else should users know about the attacks?
While most Adobe users know Adobe does not issue updates via email, some are fooled because the emails look official. Nevertheless, on its Online Piracy page Adobe states that anyone receiving an email claiming to be from Adobe and asking for personal information should report that email as fraud. Otherwise, if a computer is infected, using an already installed and up to date security program that can remove the Zeus Trojan should work to remove these variants.
Jessica (JC) Torpey is a self-taught computer technician with more than 10 years experience in the field. JC’s passion is studying the various political and business aspects of the technology industry. Combining that knowledge with her love of computers, JC uses it to influence her writing.
Article source: http://news.yahoo.com/adobe-indesign-reader-x-suite-advanced-malware-attacks-204300554.html
View full post on National Cyber Security » Virus/Malware/Worms