Adobe malware attack sloppiness puts a Spaniard in the works

Is there a patron saint of computer users? There should be.

After all, there are patron saints of dentists, bee keepers, and plasterers.

Well, whoever they might be, we should give thanks to them that time and time again hackers make elementary mistakes that mean (if we keep our wits about us) we can avoid our computers becoming infected.

Take this Spanish-language email which has been spammed out, for instance, claiming to point to an update for the Adobe Flash Player:

[Image: fake Flash email]

At first glance the email may look legitimate enough to any Spanish computer users receiving it in their inbox. The subject line reads "Ya hay disponible una actualizacion de Adobe Flash Player", which translates as "An update is now available for Adobe Flash Player".

But look a little more closely and you'll see that twice in the email "Adobe" is misspelt as "Adoble". Which I must admit makes me think more of the Spanish Paso Doble dance than the vendor of a web plug-in.

If you did make the mistake of clicking on the link embedded inside the email, you would be taken to a webpage that exhorts you to download a fake update to Adobe Flash, which Sophos detects as Mal/Behav-359:

[Image: webpage encouraging users to download a malicious Flash update]

Again, there's more evidence of spelling sloppiness on the part of the hackers. See that last sentence? They've spelt it "requiered" rather than "required". It's an elementary mistake, but should ring alarm bells in your head if you're looking out for signs that something suspicious might be going on rather than desperately downloading an update.

So how do these tiny clues and mistakes manage to sprinkle themselves into a hacker's attack? Is there some divine intervention that is ensuring that so many cybercriminals keep making daft errors, putting a spanner in the works, and helping to tip off potential victims? Whatever the reason, I hope it continues for as long as there's a malware problem.

Of course, the lesson all computer users need to learn is that you should always be suspicious of unsolicited emails and always visit the vendor's own website for legitimate updates to the likes of Adobe Flash.

Update: Julio Canto of VirusTotal has been in touch, informing me that the Spanish used in the email is of very poor quality, and so was probably created by an automatic translator.

Thanks also to Tom Meersschaut of Impakt in Belgium, who informs me that there is a patron saint of computer users! Saint Isidore of Seville.

Marvellous! You can always rely on Clu-blog readers to fill in the gaps. :)

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.