RE: [SPAM] Re: What the heck?

[Don Guyer]

Bad grammar is always a giveaway.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: Simon Butler [mailto:si...@sembee.co.uk] 
Sent: Tuesday, June 01, 2010 3:33 PM
To: NT System Admin Issues
Subject: RE: [SPAM] Re: What the heck?

 

Reminded me of this that I received over the weekend. 

Looks like they are going after those who have heard all the reports
about the problems with adobe PDF. 

 

I have modified the URLs to make sure they aren't clickable. 

 

Simon. 

 

 

 

 

From: Adobe PDF Reader [mailto:supp...@adobe-pdf-solutions.org] 

Sent: 29 May 2010 19:31

To: Simon Butler

Subject: Update New Adobe PDF Reader For Windows

 

Dear valued customers,

 

We are pleased to announce new release of Adobe PDF 2010 which will give
you more options to view, create, edit, print and share PDF documents.
You will not have to look around for help anymore ! 

 

+ 50% of your daily office works requires document handling. 

+ 70% of your documents requires extra processing. 

+ 15-20% of your documents requires exchanging with your peers,
customers or partners. 

+ 30% of such documents are in PDF format, and you need to view, edit,
print and share them.  

 

To learn more about new features and install Adobe PDF 2010, please:

 

+ Go to: http:// www.adobe-pdf-solutions. org/

+ Choose your options, download and start to improve your works.

 

A full version of Office suite is also available for your download.

 

DOWNLOAD TODAY: http:// www.adobe-pdf-solutions. org/

 

Best regards,

 

Adobe PDF 2010

--

Copy rights PDF Pro 2010 (c) All rights reserved

124 Denver St., Bluepoint, CA 91732, USA

Website: http://www.adobe-pdf-solutions.org/

 

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: 01 June 2010 20:16
To: NT System Admin Issues
Subject: [SPAM] Re: What the heck?

 

We've been seeing this today also.

 

- Sean

On Tue, Jun 1, 2010 at 9:34 AM, David McSpadden  wrote:

Ok so my users are getting this right now.  I have blocked the ip with
Ironport and sent the email saying not to open it but to delete it.

Anyone else getting this crap today?

 

 

 

 

 

 

If you already received this information before and action has been
taken, then please ignore.

 

This important information about a security vulnerability requires your
immediate attention!

 

All systems detected using Adobe products have been sent out this e-mail
and are all requested to update their systems urgently.

Kindly follow the instructions in the e-mail as forwarded below.

 

Failure to comply will result in all financial and non financial loss to
be a liability of the receiver.

 

Please treat this e-mail as a matter of urgency. No further follow up
warning will be sent.

 

**This e-mail is a computer generated e-mail from ad...@imcu.com and
does not require a reply**

 

 

--- On Fri, 5/28/10, Richard Barnett  wrote: ---

From: Richard Barnett 

To: Administrator 

Subject: Adobe Security Update

Date: Friday, May 28, 2010, 11:24 AM

 

Broadcast message:

Adobe has issued a directive which states that all systems running their
software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been
discovered on several systems running the previously released version of
the software, which has been further documented on security sites such
as http://www.securityfocus.com/bid/39524

It is strongly advised that all systems running the Adobe software is
updated with the latest security patch to avoid further situations
hampering the security and integrity of the system. Failure to follow
the directive would mean that any loss which occurs due to the
negligence will be a liability of the company and not Adobe. The link to
update the system with the latest patch and instructions are provided
below:

 

Download the instructions here: http://190.144.101.204/adobe/update.pdf
(requires Adobe Acrobat Reader).

To update your system, download the installation file here:
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).

(Read first the instructions before updating the system)

 

 

Your urgent attention is most appreciated,

 

Richard Barnett

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-587-3932

rbarn...@adobe.com

 

---

Disclaimer: 

This e-mail message and information contained in or attached to this
message is privileged, confidential, and protected from disclosure and
is intended only for the person or entity to which it is addressed. Any
review, re-transmission, dissemination, printing or other use of, or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited.

 

 

 

 

 

 

 

 

 

 

~ Finall

RE: [SPAM] Re: What the heck?

[Simon Butler]

Reminded me of this that I received over the weekend.
Looks like they are going after those who have heard all the reports about the 
problems with adobe PDF.

I have modified the URLs to make sure they aren't clickable.

Simon.




From: Adobe PDF Reader [mailto:supp...@adobe-pdf-solutions.org]
Sent: 29 May 2010 19:31
To: Simon Butler
Subject: Update New Adobe PDF Reader For Windows

Dear valued customers,

We are pleased to announce new release of Adobe PDF 2010 which will give you 
more options to view, create, edit, print and share PDF documents. You will not 
have to look around for help anymore !

+ 50% of your daily office works requires document handling.
+ 70% of your documents requires extra processing.
+ 15-20% of your documents requires exchanging with your peers, customers or 
partners.
+ 30% of such documents are in PDF format, and you need to view, edit, print 
and share them.

To learn more about new features and install Adobe PDF 2010, please:
+ Go to: http:// www.adobe-pdf-solutions. org/
+ Choose your options, download and start to improve your works.
A full version of Office suite is also available for your download.
DOWNLOAD TODAY: http:// www.adobe-pdf-solutions. org/
Best regards,
Adobe PDF 2010
--
Copy rights PDF Pro 2010 (c) All rights reserved
124 Denver St., Bluepoint, CA 91732, USA
Website: http://www.adobe-pdf-solutions.org/

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: 01 June 2010 20:16
To: NT System Admin Issues
Subject: [SPAM] Re: What the heck?

We've been seeing this today also.

- Sean
On Tue, Jun 1, 2010 at 9:34 AM, David McSpadden 
mailto:dav...@imcu.com>> wrote:
Ok so my users are getting this right now.  I have blocked the ip with Ironport 
and sent the email saying not to open it but to delete it.
Anyone else getting this crap today?






If you already received this information before and action has been taken, then 
please ignore.

This important information about a security vulnerability requires your 
immediate attention!

All systems detected using Adobe products have been sent out this e-mail and 
are all requested to update their systems urgently.
Kindly follow the instructions in the e-mail as forwarded below.

Failure to comply will result in all financial and non financial loss to be a 
liability of the receiver.

Please treat this e-mail as a matter of urgency. No further follow up warning 
will be sent.

**This e-mail is a computer generated e-mail from 
ad...@imcu.com<mailto:ad...@imcu.com> and does not require a reply**


--- On Fri, 5/28/10, Richard Barnett 
mailto:rbarn...@adobe.com>> wrote: ---
From: Richard Barnett mailto:rbarn...@adobe.com>>
To: Administrator mailto:ad...@imcu.com>>
Subject: Adobe Security Update
Date: Friday, May 28, 2010, 11:24 AM

Broadcast message:
Adobe has issued a directive which states that all systems running their 
software should be patched for the latest security glitch.
The CVE-2010-0193 Denial of Service Vulnerability has recently been discovered 
on several systems running the previously released version of the software, 
which has been further documented on security sites such as 
http://www.securityfocus.com/bid/39524
It is strongly advised that all systems running the Adobe software is updated 
with the latest security patch to avoid further situations hampering the 
security and integrity of the system. Failure to follow the directive would 
mean that any loss which occurs due to the negligence will be a liability of 
the company and not Adobe. The link to update the system with the latest patch 
and instructions are provided below:

Download the instructions here: http://190.144.101.204/adobe/update.pdf 
(requires Adobe Acrobat Reader).
To update your system, download the installation file here: 
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
(Read first the instructions before updating the system)


Your urgent attention is most appreciated,

Richard Barnett
Adobe Risk Management
345 Park Avenue
San Jose, CA 95110-2704
Tel: 408-587-3932
rbarn...@adobe.com<mailto:rbarn...@adobe.com>

---
Disclaimer:
This e-mail message and information contained in or attached to this message is 
privileged, confidential, and protected from disclosure and is intended only 
for the person or entity to which it is addressed. Any review, re-transmission, 
dissemination, printing or other use of, or taking of any action in reliance 
upon this information by persons or entities other than the intended recipient 
is prohibited.













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: What the heck?

[Sean Martin]

We've been seeing this today also.

- Sean

On Tue, Jun 1, 2010 at 9:34 AM, David McSpadden  wrote:

>  Ok so my users are getting this right now.  I have blocked the ip with
> Ironport and sent the email saying not to open it but to delete it.
>
> Anyone else getting this crap today?
>
>
>
>
>
>
>
>
>
>
>
>
>
> If you already received this information before and action has been taken,
> then please ignore.
>
>
>
> This important information about a security vulnerability requires your
> immediate attention!
>
>
>
> All systems detected using Adobe products have been sent out this e-mail
> and are all requested to update their systems urgently.
>
> Kindly follow the instructions in the e-mail as forwarded below.
>
>
>
> Failure to comply will result in all financial and non financial loss to be
> a liability of the receiver.
>
>
>
> Please treat this e-mail as a matter of urgency. No further follow up
> warning will be sent.
>
>
>
> **This e-mail is a computer generated e-mail from ad...@imcu.com and does
> not require a reply**
>
>
>
>
>
> --- On Fri, 5/28/10, Richard Barnett  wrote: ---
>
> From: Richard Barnett 
>
> To: Administrator 
>
> Subject: Adobe Security Update
>
> Date: Friday, May 28, 2010, 11:24 AM
>
>
>
> Broadcast message:
>
> Adobe has issued a directive which states that all systems running their
> software should be patched for the latest security glitch.
>
> The CVE-2010-0193 Denial of Service Vulnerability has recently been
> discovered on several systems running the previously released version of the
> software, which has been further documented on security sites such as
> http://www.securityfocus.com/bid/39524
>
> It is strongly advised that all systems running the Adobe software is
> updated with the latest security patch to avoid further situations hampering
> the security and integrity of the system. Failure to follow the directive
> would mean that any loss which occurs due to the negligence will be a
> liability of the company and not Adobe. The link to update the system with
> the latest patch and instructions are provided below:
>
>
>
> Download the instructions here: 
> http://190.144.101.204/adobe/update.pdf(requires Adobe Acrobat Reader).
>
> To update your system, download the installation file here:
> http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
>
> (Read first the instructions before updating the system)
>
>
>
>
>
> Your urgent attention is most appreciated,
>
>
>
> Richard Barnett
>
> Adobe Risk Management
>
> 345 Park Avenue
>
> San Jose, CA 95110-2704
>
> Tel: 408-587-3932
>
> rbarn...@adobe.com
>
>
>
> ---
>
> Disclaimer:
>
> This e-mail message and information contained in or attached to this
> message is privileged, confidential, and protected from disclosure and is
> intended only for the person or entity to which it is addressed. Any review,
> re-transmission, dissemination, printing or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited.
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What the heck?

[Alex Eckelberry]

Actually the PDF doesn't appear malicious.  But I haven't had the labs look at 
it yet.

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, June 01, 2010 2:42 PM
To: NT System Admin Issues
Subject: Re: What the heck?

I was figuring both the EXE  *and* the PDF were 
On Tue, Jun 1, 2010 at 2:33 PM, Alex Eckelberry 
mailto:al...@sunbelt-software.com>> wrote:
The exe below is malware (I suppose everyone figured that out).


From: David McSpadden [mailto:dav...@imcu.com<mailto:dav...@imcu.com>]
Sent: Tuesday, June 01, 2010 1:34 PM

To: NT System Admin Issues
Subject: What the heck?

Ok so my users are getting this right now.  I have blocked the ip with Ironport 
and sent the email saying not to open it but to delete it.
Anyone else getting this crap today?






If you already received this information before and action has been taken, then 
please ignore.

This important information about a security vulnerability requires your 
immediate attention!

All systems detected using Adobe products have been sent out this e-mail and 
are all requested to update their systems urgently.
Kindly follow the instructions in the e-mail as forwarded below.

Failure to comply will result in all financial and non financial loss to be a 
liability of the receiver.

Please treat this e-mail as a matter of urgency. No further follow up warning 
will be sent.

**This e-mail is a computer generated e-mail from 
ad...@imcu.com<mailto:ad...@imcu.com> and does not require a reply**


--- On Fri, 5/28/10, Richard Barnett 
mailto:rbarn...@adobe.com>> wrote: ---
From: Richard Barnett mailto:rbarn...@adobe.com>>
To: Administrator mailto:ad...@imcu.com>>
Subject: Adobe Security Update
Date: Friday, May 28, 2010, 11:24 AM

Broadcast message:
Adobe has issued a directive which states that all systems running their 
software should be patched for the latest security glitch.
The CVE-2010-0193 Denial of Service Vulnerability has recently been discovered 
on several systems running the previously released version of the software, 
which has been further documented on security sites such as 
http://www.securityfocus.com/bid/39524
It is strongly advised that all systems running the Adobe software is updated 
with the latest security patch to avoid further situations hampering the 
security and integrity of the system. Failure to follow the directive would 
mean that any loss which occurs due to the negligence will be a liability of 
the company and not Adobe. The link to update the system with the latest patch 
and instructions are provided below:

Download the instructions here: http://190.144.101.204/adobe/update.pdf 
(requires Adobe Acrobat Reader).
To update your system, download the installation file here: 
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
(Read first the instructions before updating the system)


Your urgent attention is most appreciated,

Richard Barnett
Adobe Risk Management
345 Park Avenue
San Jose, CA 95110-2704
Tel: 408-587-3932
rbarn...@adobe.com<mailto:rbarn...@adobe.com>

---
Disclaimer:
This e-mail message and information contained in or attached to this message is 
privileged, confidential, and protected from disclosure and is intended only 
for the person or entity to which it is addressed. Any review, re-transmission, 
dissemination, printing or other use of, or taking of any action in reliance 
upon this information by persons or entities other than the intended recipient 
is prohibited.

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: What the heck?

[Erik Goldoff]

I was figuring both the EXE  *and* the PDF were 

On Tue, Jun 1, 2010 at 2:33 PM, Alex Eckelberry
wrote:

>  The exe below is malware (I suppose everyone figured that out).
>
>
>
>
>
> *From:* David McSpadden [mailto:dav...@imcu.com]
> *Sent:* Tuesday, June 01, 2010 1:34 PM
>
> *To:* NT System Admin Issues
> *Subject:* What the heck?
>
>
>
> Ok so my users are getting this right now.  I have blocked the ip with
> Ironport and sent the email saying not to open it but to delete it.
>
> Anyone else getting this crap today?
>
>
>
>
>
>
>
>
>
>
>
>
>
> If you already received this information before and action has been taken,
> then please ignore.
>
>
>
> This important information about a security vulnerability requires your
> immediate attention!
>
>
>
> All systems detected using Adobe products have been sent out this e-mail
> and are all requested to update their systems urgently.
>
> Kindly follow the instructions in the e-mail as forwarded below.
>
>
>
> Failure to comply will result in all financial and non financial loss to be
> a liability of the receiver.
>
>
>
> Please treat this e-mail as a matter of urgency. No further follow up
> warning will be sent.
>
>
>
> **This e-mail is a computer generated e-mail from ad...@imcu.com and does
> not require a reply**
>
>
>
>
>
> --- On Fri, 5/28/10, Richard Barnett  wrote: ---
>
> From: Richard Barnett 
>
> To: Administrator 
>
> Subject: Adobe Security Update
>
> Date: Friday, May 28, 2010, 11:24 AM
>
>
>
> Broadcast message:
>
> Adobe has issued a directive which states that all systems running their
> software should be patched for the latest security glitch.
>
> The CVE-2010-0193 Denial of Service Vulnerability has recently been
> discovered on several systems running the previously released version of the
> software, which has been further documented on security sites such as
> http://www.securityfocus.com/bid/39524
>
> It is strongly advised that all systems running the Adobe software is
> updated with the latest security patch to avoid further situations hampering
> the security and integrity of the system. Failure to follow the directive
> would mean that any loss which occurs due to the negligence will be a
> liability of the company and not Adobe. The link to update the system with
> the latest patch and instructions are provided below:
>
>
>
> Download the instructions here: 
> http://190.144.101.204/adobe/update.pdf(requires Adobe Acrobat Reader).
>
> To update your system, download the installation file here:
> http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
>
> (Read first the instructions before updating the system)
>
>
>
>
>
> Your urgent attention is most appreciated,
>
>
>
> Richard Barnett
>
> Adobe Risk Management
>
> 345 Park Avenue
>
> San Jose, CA 95110-2704
>
> Tel: 408-587-3932
>
> rbarn...@adobe.com
>
>
>
> ---
>
> Disclaimer:
>
> This e-mail message and information contained in or attached to this
> message is privileged, confidential, and protected from disclosure and is
> intended only for the person or entity to which it is addressed. Any review,
> re-transmission, dissemination, printing or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What the heck?

[David W. McSpadden]

Did Ninja catch it or did you have to scan it manually??



 

  _  

From: Alex Eckelberry [mailto:al...@sunbelt-software.com] 
Sent: Tuesday, June 01, 2010 2:34 PM
To: NT System Admin Issues
Subject: RE: What the heck?

 

The exe below is malware (I suppose everyone figured that out). 

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Tuesday, June 01, 2010 1:34 PM
To: NT System Admin Issues
Subject: What the heck?

 

Ok so my users are getting this right now.  I have blocked the ip with
Ironport and sent the email saying not to open it but to delete it.

Anyone else getting this crap today?

 

 

 

 

 

 

If you already received this information before and action has been taken,
then please ignore.

 

This important information about a security vulnerability requires your
immediate attention!

 

All systems detected using Adobe products have been sent out this e-mail and
are all requested to update their systems urgently.

Kindly follow the instructions in the e-mail as forwarded below.

 

Failure to comply will result in all financial and non financial loss to be
a liability of the receiver.

 

Please treat this e-mail as a matter of urgency. No further follow up
warning will be sent.

 

**This e-mail is a computer generated e-mail from ad...@imcu.com and does
not require a reply**

 

 

--- On Fri, 5/28/10, Richard Barnett  wrote: ---

From: Richard Barnett 

To: Administrator 

Subject: Adobe Security Update

Date: Friday, May 28, 2010, 11:24 AM

 

Broadcast message:

Adobe has issued a directive which states that all systems running their
software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been
discovered on several systems running the previously released version of the
software, which has been further documented on security sites such as
http://www.securityfocus.com/bid/39524

It is strongly advised that all systems running the Adobe software is
updated with the latest security patch to avoid further situations hampering
the security and integrity of the system. Failure to follow the directive
would mean that any loss which occurs due to the negligence will be a
liability of the company and not Adobe. The link to update the system with
the latest patch and instructions are provided below:

 

Download the instructions here: http://190.144.101.204/adobe/update.pdf
(requires Adobe Acrobat Reader).

To update your system, download the installation file here:
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).

(Read first the instructions before updating the system)

 

 

Your urgent attention is most appreciated,

 

Richard Barnett

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-587-3932

rbarn...@adobe.com

 

---

Disclaimer: 

This e-mail message and information contained in or attached to this message
is privileged, confidential, and protected from disclosure and is intended
only for the person or entity to which it is addressed. Any review,
re-transmission, dissemination, printing or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited.

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: What the heck?

[Alex Eckelberry]

The exe below is malware (I suppose everyone figured that out).


From: David McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, June 01, 2010 1:34 PM
To: NT System Admin Issues
Subject: What the heck?

Ok so my users are getting this right now.  I have blocked the ip with Ironport 
and sent the email saying not to open it but to delete it.
Anyone else getting this crap today?






If you already received this information before and action has been taken, then 
please ignore.

This important information about a security vulnerability requires your 
immediate attention!

All systems detected using Adobe products have been sent out this e-mail and 
are all requested to update their systems urgently.
Kindly follow the instructions in the e-mail as forwarded below.

Failure to comply will result in all financial and non financial loss to be a 
liability of the receiver.

Please treat this e-mail as a matter of urgency. No further follow up warning 
will be sent.

**This e-mail is a computer generated e-mail from ad...@imcu.com and does not 
require a reply**


--- On Fri, 5/28/10, Richard Barnett  wrote: ---
From: Richard Barnett 
To: Administrator 
Subject: Adobe Security Update
Date: Friday, May 28, 2010, 11:24 AM

Broadcast message:
Adobe has issued a directive which states that all systems running their 
software should be patched for the latest security glitch.
The CVE-2010-0193 Denial of Service Vulnerability has recently been discovered 
on several systems running the previously released version of the software, 
which has been further documented on security sites such as 
http://www.securityfocus.com/bid/39524
It is strongly advised that all systems running the Adobe software is updated 
with the latest security patch to avoid further situations hampering the 
security and integrity of the system. Failure to follow the directive would 
mean that any loss which occurs due to the negligence will be a liability of 
the company and not Adobe. The link to update the system with the latest patch 
and instructions are provided below:

Download the instructions here: http://190.144.101.204/adobe/update.pdf 
(requires Adobe Acrobat Reader).
To update your system, download the installation file here: 
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
(Read first the instructions before updating the system)


Your urgent attention is most appreciated,

Richard Barnett
Adobe Risk Management
345 Park Avenue
San Jose, CA 95110-2704
Tel: 408-587-3932
rbarn...@adobe.com

---
Disclaimer:
This e-mail message and information contained in or attached to this message is 
privileged, confidential, and protected from disclosure and is intended only 
for the person or entity to which it is addressed. Any review, re-transmission, 
dissemination, printing or other use of, or taking of any action in reliance 
upon this information by persons or entities other than the intended recipient 
is prohibited.








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What the heck?

[Erik Goldoff]

well, with known pdf exploits, I wasn't about to click the link to open
*their* document 

On Tue, Jun 1, 2010 at 2:07 PM, Ben Scott  wrote:

> On Tue, Jun 1, 2010 at 1:47 PM, Erik Goldoff  wrote:
> > I wasn't aware that Adobe was HQ'd in Columbia nor distributed vital
> > security information and patches from that country 
>
>  I particularly like the PDF with the spoofed Adobe security
> advisory.  It looks just like something a company would put out, and
> certainly Adobe loves PDF.
>
>  The use of a bare IP address in the URLs is a dead giveaway, though.
>  If they had employed some URL obfuscation techniques, it would be
> much more difficult to spot at first glance.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What the heck?

[David W. McSpadden]

Looks like they are down now.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, June 01, 2010 2:07 PM
To: NT System Admin Issues
Subject: Re: What the heck?

On Tue, Jun 1, 2010 at 1:47 PM, Erik Goldoff  wrote:
> I wasn't aware that Adobe was HQ'd in Columbia nor distributed vital
> security information and patches from that country 

  I particularly like the PDF with the spoofed Adobe security
advisory.  It looks just like something a company would put out, and
certainly Adobe loves PDF.

  The use of a bare IP address in the URLs is a dead giveaway, though.
 If they had employed some URL obfuscation techniques, it would be
much more difficult to spot at first glance.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: What the heck?

[Ben Scott]

On Tue, Jun 1, 2010 at 1:47 PM, Erik Goldoff  wrote:
> I wasn't aware that Adobe was HQ'd in Columbia nor distributed vital
> security information and patches from that country 

  I particularly like the PDF with the spoofed Adobe security
advisory.  It looks just like something a company would put out, and
certainly Adobe loves PDF.

  The use of a bare IP address in the URLs is a dead giveaway, though.
 If they had employed some URL obfuscation techniques, it would be
much more difficult to spot at first glance.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What the heck?

[David W. McSpadden]

Phone number is disconnected too.  Adobe is having a rough month.

 

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Tuesday, June 01, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: What the heck?

 

Hmmm, the numerical IP address later in the body of the message seems to
belong to someone in Bogota Columbia 
I wasn't aware that Adobe was HQ'd in Columbia nor distributed vital
security information and patches from that country 

 

MORE social engineering.

On Tue, Jun 1, 2010 at 1:34 PM, David McSpadden  wrote:

Ok so my users are getting this right now.  I have blocked the ip with
Ironport and sent the email saying not to open it but to delete it.

Anyone else getting this crap today?

 

 

 

 

 

 

If you already received this information before and action has been taken,
then please ignore.

 

This important information about a security vulnerability requires your
immediate attention!

 

All systems detected using Adobe products have been sent out this e-mail and
are all requested to update their systems urgently.

Kindly follow the instructions in the e-mail as forwarded below.

 

Failure to comply will result in all financial and non financial loss to be
a liability of the receiver.

 

Please treat this e-mail as a matter of urgency. No further follow up
warning will be sent.

 

**This e-mail is a computer generated e-mail from ad...@imcu.com and does
not require a reply**

 

 

--- On Fri, 5/28/10, Richard Barnett  wrote: ---

From: Richard Barnett 

To: Administrator 

Subject: Adobe Security Update

Date: Friday, May 28, 2010, 11:24 AM

 

Broadcast message:

Adobe has issued a directive which states that all systems running their
software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been
discovered on several systems running the previously released version of the
software, which has been further documented on security sites such as
http://www.securityfocus.com/bid/39524

It is strongly advised that all systems running the Adobe software is
updated with the latest security patch to avoid further situations hampering
the security and integrity of the system. Failure to follow the directive
would mean that any loss which occurs due to the negligence will be a
liability of the company and not Adobe. The link to update the system with
the latest patch and instructions are provided below:

 

Download the instructions here: http://190.144.101.204/adobe/update.pdf
(requires Adobe Acrobat Reader).

To update your system, download the installation file here:
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).

(Read first the instructions before updating the system)

 

 

Your urgent attention is most appreciated,

 

Richard Barnett

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-587-3932

rbarn...@adobe.com

 

---

Disclaimer: 

This e-mail message and information contained in or attached to this message
is privileged, confidential, and protected from disclosure and is intended
only for the person or entity to which it is addressed. Any review,
re-transmission, dissemination, printing or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited.

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: What the heck?

[Erik Goldoff]

Hmmm, the numerical IP address later in the body of the message seems to
belong to someone in Bogota Columbia
I wasn't aware that Adobe was HQ'd in Columbia nor distributed vital
security information and patches from that country 

MORE social engineering.
On Tue, Jun 1, 2010 at 1:34 PM, David McSpadden  wrote:

>  Ok so my users are getting this right now.  I have blocked the ip with
> Ironport and sent the email saying not to open it but to delete it.
>
> Anyone else getting this crap today?
>
>
>
>
>
>
>
>
>
>
>
>
>
> If you already received this information before and action has been taken,
> then please ignore.
>
>
>
> This important information about a security vulnerability requires your
> immediate attention!
>
>
>
> All systems detected using Adobe products have been sent out this e-mail
> and are all requested to update their systems urgently.
>
> Kindly follow the instructions in the e-mail as forwarded below.
>
>
>
> Failure to comply will result in all financial and non financial loss to be
> a liability of the receiver.
>
>
>
> Please treat this e-mail as a matter of urgency. No further follow up
> warning will be sent.
>
>
>
> **This e-mail is a computer generated e-mail from ad...@imcu.com and does
> not require a reply**
>
>
>
>
>
> --- On Fri, 5/28/10, Richard Barnett  wrote: ---
>
> From: Richard Barnett 
>
> To: Administrator 
>
> Subject: Adobe Security Update
>
> Date: Friday, May 28, 2010, 11:24 AM
>
>
>
> Broadcast message:
>
> Adobe has issued a directive which states that all systems running their
> software should be patched for the latest security glitch.
>
> The CVE-2010-0193 Denial of Service Vulnerability has recently been
> discovered on several systems running the previously released version of the
> software, which has been further documented on security sites such as
> http://www.securityfocus.com/bid/39524
>
> It is strongly advised that all systems running the Adobe software is
> updated with the latest security patch to avoid further situations hampering
> the security and integrity of the system. Failure to follow the directive
> would mean that any loss which occurs due to the negligence will be a
> liability of the company and not Adobe. The link to update the system with
> the latest patch and instructions are provided below:
>
>
>
> Download the instructions here: 
> http://190.144.101.204/adobe/update.pdf(requires Adobe Acrobat Reader).
>
> To update your system, download the installation file here:
> http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
>
> (Read first the instructions before updating the system)
>
>
>
>
>
> Your urgent attention is most appreciated,
>
>
>
> Richard Barnett
>
> Adobe Risk Management
>
> 345 Park Avenue
>
> San Jose, CA 95110-2704
>
> Tel: 408-587-3932
>
> rbarn...@adobe.com
>
>
>
> ---
>
> Disclaimer:
>
> This e-mail message and information contained in or attached to this
> message is privileged, confidential, and protected from disclosure and is
> intended only for the person or entity to which it is addressed. Any review,
> re-transmission, dissemination, printing or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited.
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~