Adobe Acrobat Reader update notification comes with malware


MX Lab, http://www.mxlab.eu, has started to intercept a new trojan distribution campaign by email with the subject “Adobe Acrobat: Upgrade Needed”.

The email is sent from the spoofed address “Adobe Update Notification <no-reply@adobe.com>” and has the following body:

Hello Dear,

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader
Advanced features include:

– Collaborate across borders
– Create rich, polished PDF files from any application that prints
– Ensure visual fidelity
– Encrypt and share PDF files more securely
– Use the standard for document archival and exchange

To upgrade and enhance your work productivity today please open attached file.

Copyright 2011 Adobe Systems Incorporated. All rights reserved.
TrackNum: YPK7XJ-5955527

Adobe Systems Incorporated,
Wed, 30 Nov 2011 16:45:33 +0100

The attached ZIP file is named Adobe-Software-Update-VUREU328263.zip and contains the 203 kB file AdobeSoftwareUpdate-20111130.exe. Note that the filenames can differ.

The trojan is known as Trojan.Generic.KDV.442070 (BitDefender), W32/Zbot.DD.gen!Eldorado (F-Prot), PWS-Zbot.gen.oe (McAfee), Troj/Kirje-B (Sophos).

At the time of writing, only 22 of the 43 AV engines at Virus Total detected the trojan.

Virus Total permalink and MD5: 22728244953af82281b37265060384c4.
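
Because the filenames vary and only about half of the engines detected the sample, a mail filter can key on the structure described above instead: the subject line and a ZIP attachment that contains an executable. The following Python check is an added example, not MX Lab's code; the function names, the extension list and the size cap are assumptions, and the sample message is constructed with harmless bytes in place of the executable.

```python
import email, hashlib, io, zipfile
from email import policy
from email.message import EmailMessage

SUBJECT = "Adobe Acrobat: Upgrade Needed"          # subject from the advisory
KNOWN_MD5 = "22728244953af82281b37265060384c4"     # MD5 from the advisory
EXEC_EXT = (".exe", ".scr", ".pif", ".com")        # assumption: extensions to flag
MAX_BYTES = 5 * 1024 * 1024                        # assumption: cap on bytes hashed

def inspect_message(raw):
    """Return the reasons a raw message matches the campaign pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT.lower() in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):   # detect by content, not name
            continue
        # The page does not say which file the MD5 covers, so check both.
        if hashlib.md5(data).hexdigest() == KNOWN_MD5:
            reasons.append("known-md5:zip")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                reasons.append("exe-in-zip:" + info.filename)
                # Skip encrypted or oversized members instead of reading them.
                if info.flag_bits & 0x1 or info.file_size > MAX_BYTES:
                    continue
                if hashlib.md5(zf.read(info)).hexdigest() == KNOWN_MD5:
                    reasons.append("known-md5:exe")
    return reasons

def build_sample(subject=SUBJECT):
    """Constructed test message; the 'executable' is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AdobeSoftwareUpdate-20111130.exe", b"not a real executable")
    m = EmailMessage()
    m["From"] = "Adobe Update Notification <no-reply@adobe.com>"
    m["Subject"] = subject
    m.set_content("To upgrade, please open attached file.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Adobe-Software-Update-VUREU328263.zip")
    return m.as_bytes()
```

The executable-in-ZIP reason fires regardless of subject or attachment name, so it still applies when the campaign rotates those values.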
