Beware Adobe Software Upgrade Notification - malware attached!

Filed Under: Adobe, Featured, Malware, Spam

Adobe PDFCybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced.

The emails, which pretend to come from Adobe, have a ZIP file attached which contains a version of the Zeus Trojan horse, designed to steal banking information from compromised computers.

The risk is that less technical-savvy computer users might believe the email is legitimate, and be tricked into installing malware onto their computer thinking that it is an official Adobe update.

Bogus Adobe email has malware attached

Subject: Adobe Software Upgrade Notification ID: [random number]

Attached file: AdobeSystems-Software_Critica Update Dec_2011-[random].zip

Hello Dear,

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced features include:

- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today please open attached file.

Copyright 2011 Adobe Systems Incorporated. All rights reserved.
TrackNum: [random ref number]

Adobe Systems Incorporated,

Each email is slightly different, incorporating different reference numbers in the subject line, attached filename and message body. But the samples seen so far by Sophos all carry malware in the file "Adobe Systems Software Critical Update Dec 2011.exe" contained within the ZIP.

Computer users need to learn that Adobe never sends up software updates as an email attachment, and any legitimate upgrades should always be downloaded from Adobe's own website. It's trivial for a malicious hacker to forge an email header to trick the unwary into believing an email has been sent from someone else - so just because it claims to be from Adobe, doesn't mean that it was sent by them.

Sophos products are detecting the ZIP file as Troj/BredoZp-GY and intercepting the messages as spam.

, ,

You might like

10 Responses to Beware Adobe Software Upgrade Notification - malware attached!

  1. Ratdog · 1402 days ago

    I got it too. A zip file attached to an ADOBE update. Do not unzip. Delete the email. ADOBE do not send upadtes like this nor do anyone else.

  2. Child · 1402 days ago

    Thank you.

  3. Lisa · 1402 days ago

    i have never opened any files, nor do i think i got that email but my adobe is acting weird...i just had a box pop up and ask me if i want to download a language pack for adobe and i wasn't anywhere near adobe at the time...could this be a virus? i did have the win/32cryptor trojan this week

  4. guest · 1402 days ago

    could they be doing this on youtube to? When I watch videos it says please upgrade to adobe I exit out of the page bring a new one up and it goes away it's happened several times.

  5. TrouterUSA · 1402 days ago

    I have to say, the grammar in the email screams 'I'm not legit; just some hacker that doesn't really know English that well'!

  6. Ned Ludd · 1402 days ago

    "Hello dear?" From Adobe corporate HQ? I suppose Microsoft regularly sends out emails starting "Wotcher cock," or "how's it hanging?"

  7. Dawn · 1401 days ago

    why do people still insist on opening attachments within emails!!! I always ensure that I go direct to the website and see from there whether the email has been correct - that is of course if I am at all interested in what I have been sent!! It's not difficult and saves a whole can of worms being opened! We need to teach people - DO NOT click links within emails!!

  8. Paul · 1399 days ago

    I received an e-mail around a week ago purporting to be from Adobe. Unfortunately they couldn't even get the subject right, they spelt is as "Abobe".

  9. Dan · 1344 days ago

    I had an adobe update come up with their logo in my lower right hand tool bar. I did it and than started to wonder if it was legit???? I saw something flashing by about registry files being changed. Is this bad?????

    • Robert Wurzburg · 1294 days ago

      Adobe Reader has an autoupdater feature, which is most likely what you saw
      in your tasktray. When the program legitimately updates, you will see several
      messages in the update window as it proceeds to download, then install. It
      will tell you the steps it is taking as it progresses installig the update.
      Sounds like yours were legitimate. I've never heard of any malware using the
      tasktray to launch an 'update' for Adobe, or other legitimate program for that
      Watch your screen carefully, and learn to recognize legitimate updating pro-
      cesses as they happen. They will not vary in sequence nor execution steps.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley