Email with Adobe license key attached contains a trojan
November 2, 2011 5 Comments
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your InDesign CS4 License key”.
The email is send from the spoofed address “Adobe <help-no.146@adobe.com>” and has the following body:
Hello,
Your Adobe CS4 License key is in attached document below.
We encourage you to explore its new and enhanced capabilities with these helpful tips, tutorials, and eSeminars.
Thank you for buying Adobe InDesign CS4 software.Adobe Systems Incorporated
The attached ZIP file has the name License_key_N7853.zip and contains the 47 kB large file License_key.exe.
Please note that the from email address, the subject, content and name of the attached file can change accordingly.
The trojan is known as Troj/Bredo-LK (Sophos), W32/Yakes.F.gen!Eldorado (F-Prot), Downloader.Chepvil (Symantec).
At the time of writing, only 7 of the 43 AV engines did detect the trojan at Virus Total.
Virus Total permalink and MD5: 09ecaf9fd2f4d7d42b0b4fde0f53b21e.
I just received it “from” the following address: Adobe Systems [account-no2532@adobe.com] and the following file name: License_key_N2784.zip.
I just received one with the “from” as information@adobe.com
I just received one with the from address (news-nr071@adobe.com).
I received this yesterday with the “from” as helping-ids724@adobe.com
I thought the email was odd, but I had just reinstalled InDesign CS4 on my wife’s macbook a couple of days before. So it definitely raised an eyebrow. But then I also noticed that the message we BCC’ed to an unrelated person with my same first name…
Mine came from help-no.2505@adobe.com