A Dispatch

November 17, 2011

Adobe License Malware Lure

This is getting pretty tiresome (here and here) but the spammed email content is different enough to note.

Here's a sample message (order number in the Subject: field varies from message to message):

From: [variable random name] <support@adobe.com>
Subject: Order N41066

Good day,

You can download your Adobe CS4 License here -

We encourage you to explore its new and enhanced capabilities with these helpful tips, tutorials, and eSeminars.
Thank you for buying Adobe InDesign CS4 software.
Adobe Systems Incorporated

It's not clear why they're promoting an older generation of Adobe CS, since there is no Adobe product at the end of this rainbow anyway. Perhaps it's just a distraction to make the recipient think about something other than the possibility that the link is potentially extremely dangerous.

As with recent mailings with different content designed to get you to click without thinking, the current links go to HTML pages of hijacked legitimate web sites. The pages contain an iframe element that loads a main.php program from a Russian web site. That program serves up an obfuscated JavaScript script that can start your PC down the road to surrender. I've seen only a handful of Russian (.ru) domains in these iframe URLs over the past weeks, so they must be hosted on bulletproof services.
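For owners of sites that may have been hijacked this way, here is a minimal check for the injected iframe described above. It is an added example, not code from the original post; the host names and sample page are constructed placeholders, and the near-zero-size heuristic is an assumption the post does not state.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})


def suspicious_iframes(html, site_host):
    """Return (src, reasons) for iframes that load content from another host."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "").strip()
        url = urlparse(src)
        host = (url.hostname or "").lower()
        if not host or host == site_host.lower():
            continue  # relative or same-host frame: not the pattern described
        reasons = ["off-site host " + host]
        if host.endswith(".ru"):
            reasons.append(".ru domain")
        if url.path.lower().endswith("/main.php"):
            reasons.append("loads main.php")
        # Assumption: injected frames are often sized to be invisible.
        if attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1"):
            reasons.append("near-zero size")
        findings.append((src, reasons))
    return findings


# Constructed sample page; both host names below are placeholders.
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="/news/ticker.html" width="300" height="80"></iframe>
<iframe src="http://placeholder.example.ru/main.php?page=0" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE, "www.example.com"):
        print(src, "->", ", ".join(reasons))
```

Any off-site iframe is reported, so a site that legitimately embeds third-party frames will need an allowlist of expected hosts.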

I'm officially bored with the whole thing but will continue to post future emails that employ different social engineering tactics.

Posted on November 17, 2011 at 10:15 AM