« More iTunes 2-Factor Phishing | Main | The Right Kind of Fear »

October 20, 2014

Received this scary (as in Halloween-scary) malware delivery that purports to come from Adobe (From: Adobe Billing; Subject: Adobe Invoice):

The attachment in my copy was a file named adb-102288-invoice.zip. If you get the same message, the number part of the file name will most likely be randomized, so don't expect a perfect name match.

What freaks me out about this mailing is that the .zip file passed through VirusTotal with a perfectly clean score. But woe be unto the person who opens that file. That warning should go for both Mac and Windows users (and perhaps even Android). The malware file has most likely been processed through known Bad Guy services that make just enough modifications to such files to eliminate (for a short time) the possibility of being filtered by antivirus incoming email checkers, yet still delivering the damaging part of the malware. Once the file has passed into recipients' inboxes...well, consider an army of undead, crawling through your computer and your company networks to suck brains.

If you try to be careful and check attachments against services such as VirusTotal, it's clear that such vigilance is not enough. Your suspicion radar dial must be turned up to eleven. In this case that would lead you to inspect the header of the email, where it clearly shows the email originated from a block of IP addresses in Morocco—not exactly in Adobe's backyard.

Incidentally, here is a genuine invoice payment notice from Adobe for Creative Cloud:

There is no attachment. Even so, I'm not a fan of the use of links to reach your account information. I'd rather they instruct recipients to log into https://accounts.adobe.com manually or via previously set browser bookmarks.