MX Lab reported earlier on a malicious spam campaign offering PDF Reader/Writer for Windows and Mac for download and purchase, in the articles “Malicious spam campaign regarding Adobe Acrobat 2010 PDF Reader and VOIP Addons for Skype” and “Emails offering PDF Reader 2010 lead to unsecure payment site”.
MX Lab noticed a new version that offers the latest PDF Reader. The emails have the subject “Download Adobe Reader 10 Alternative” and are sent from the email address dailynews_dec09@m120.redmediaone.com.
This is the body of the email:

Following the link to the web site will lead us here:

When clicking on the download button we have the following screen that looks very familiar:

Okay, let’s go through the registration process:


The registration transactions are performed on the domain secure-signupway.com. This domain is known for fraudulent payment processing, so your credit card details will end up in the wrong hands.
Now, this is also interesting. The domain from where the message is sent, redmediaone.com, has protected registrant details in the WHOIS.
Registrant:
redmediaone.com
c/o Whois Privacy Service
PO BOX 501610
San Diego, CA 92150-1610
US
Domain Name: REDMEDIAONE.COM
Administrative Contact, Technical Contact, Zone Contact:
redmediaone.com
c/o Whois Privacy Service
PO BOX 501610
San Diego, CA 92150-1610
US
(619) 393-2111
whois@emailaddressprotection.com
Domain created on 18-May-2010
Domain expires on 17-May-2012
Last updated on 25-Mar-2011
Domain servers in listed order:
NS1.DOMAINDISCOVER.COM
NS2.DOMAINDISCOVER.COM
The message contains the download URL and an unsubscribe URL that is handled by http://list.onemediaclick.com/. In this case, too, the registrant details are protected.
Domain Name: ONEMEDIACLICK.COM
Registrar: MONIKER
Registrant [3559862]:
Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Administrative Contact [3559862]:
Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Billing Contact [3559862]:
Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Technical Contact [3559862]:
Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Domain servers in listed order:
NS1.DOMAINSERVICE.COM 208.73.210.41
NS2.DOMAINSERVICE.COM 208.73.211.42
NS3.DOMAINSERVICE.COM
NS4.DOMAINSERVICE.COM
Record created on: 2011-02-14 12:05:30.0
Database last updated on: 2011-02-14 12:05:32.93
Domain Expires on: 2012-02-14 12:05:31.0
The web site of Onemediaclick:

These guys are, according to the address on the site, located in Switzerland. When trying to contact them through the web form, nothing happens. The <form> tags are not included in the web form when looking at the source. Seems to me that this whole business cannot be trusted.
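An added example, not part of the original post: a mail-triage check that flags a message when its sender domain, subject or linked hosts match the indicators named in this write-up. The function names, the sample message body and the URL path are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators named in this write-up.
CAMPAIGN_DOMAINS = {"redmediaone.com", "onemediaclick.com", "secure-signupway.com"}
CAMPAIGN_SUBJECT = "download adobe reader 10 alternative"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def matches_domain(host):
    """Return the campaign domain that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    for domain in CAMPAIGN_DOMAINS:
        # Match on a label boundary so "notredmediaone.com" is not a hit.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def triage(raw_message):
    """Return a sorted list of reasons the message matches the campaign."""
    msg = message_from_string(raw_message)
    reasons = set()
    sender = parseaddr(msg.get("From", ""))[1]
    hit = matches_domain(sender.rpartition("@")[2])
    if hit:
        reasons.add("sender:" + hit)
    subject = " ".join(msg.get("Subject", "").split()).lower()
    if CAMPAIGN_SUBJECT in subject:
        reasons.add("subject")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            hit = matches_domain(urlsplit(url).hostname)
            if hit:
                reasons.add("url:" + hit)
    return sorted(reasons)

# Constructed sample: sender and subject are from the write-up; body and URL path are invented.
SAMPLE = """\
From: Daily News <dailynews_dec09@m120.redmediaone.com>
Subject: Download Adobe Reader 10 Alternative

Get the latest PDF Reader today.
To unsubscribe: http://list.onemediaclick.com/unsubscribe-example
"""
```

Calling `triage(SAMPLE)` returns the list of matched indicators; an empty list means no match.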