Download Adobe Reader 10 Alternative scam

Categorized | Security

MX Lab reported earlier on regarding a malicious spam campaign regarding an offer to download and buy PDF Reader/Writer for Windows and Mac in the articles Malicious spam campaign regarding Adobe Acrobat 2010 PDF Reader and VOIP Addons for Skype and Emails offering PDF Reader 2010 lead to unsecure payment site.

MX Lab noticed a new version that will offer the latest PDF Reader. The emails have the subject “Download Adobe Reader 10 Alternative” with the email address dailynews_dec09@m120.redmediaone.com.

This is the body of the email:

Following the link to the web site will lead us here:

When clicking on the download button we have the following screen that looks very familiar:

Okay, let’s go throught the registration process:

The registration transactions are performed on the domain secure-signupway.com. This domain is know for fraudulent payment processing so your credit card details will end up in the wrong hands.

Now, this is also interesting. The domain from where the message is sent, redmediaone.com, has protected registrant details in the WHOIS.

Registrant:
   redmediaone.com
   c/o Whois Privacy Service
   PO BOX 501610
   San Diego, CA 92150-1610
   US

   Domain Name: REDMEDIAONE.COM

   Administrative Contact, Technical Contact, Zone Contact:
      redmediaone.com
      c/o Whois Privacy Service
      PO BOX 501610
      San Diego, CA 92150-1610
      US
      (619) 393-2111
      whois@emailaddressprotection.com

   Domain created on 18-May-2010
   Domain expires on 17-May-2012
   Last updated on 25-Mar-2011

   Domain servers in listed order:

      NS1.DOMAINDISCOVER.COM
      NS2.DOMAINDISCOVER.COM

In the message is the download URL and an unsubscribe URL present that is handled by http://list.onemediaclick.com/. And also iin this case, the registrant details are protected.

Domain Name: ONEMEDIACLICK.COM
Registrar: MONIKER

Registrant [3559862]:
        Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US

Administrative Contact [3559862]:
        Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Billing Contact [3559862]:
        Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Technical Contact [3559862]:
        Moniker Privacy Services ONEMEDIACLICK.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Domain servers in listed order:

        NS1.DOMAINSERVICE.COM         208.73.210.41
        NS2.DOMAINSERVICE.COM         208.73.211.42
        NS3.DOMAINSERVICE.COM
        NS4.DOMAINSERVICE.COM

        Record created on:        2011-02-14 12:05:30.0
        Database last updated on: 2011-02-14 12:05:32.93
        Domain Expires on:        2012-02-14 12:05:31.0

The web site of Onemediaclick:

These guys are, according to the address on the site, located in Switzerland. When trying to contact them through the web form, nothing happens. The <form> tags are not included in the web form when looking at the source. Seems to me that this whole business can not be trusted.

Adobe updates Reader and Acrobat
A little earlier as announced, Adobe released updated versions of Adobe Acrobat and Reader. These programs were vulnerable to the Flash Player zero-day-vulnerability as well, which was fixed last week...
New Zero-Day Attack in Adobe Products (CVE-2011-0611)
Last month, Adobe had released a security advisory and a product update about a critical flaw affecting Flash Player versions and a vulnerable component, authplay.dll, of Adobe Reader and Acrobat that...
Zero-Day Vulnerability in Adobe Flash Player, Reader and Acrobat
Adobe released a security advisory in which it warns from a zero-day vulnerability within current version of Adobe Flash Player, Reader and Acrobat. Affected are Flash Player 10.2.153.1 and earlier ve...
Adobe Patches (shockwave, Flash, Reader & Coldfusion), (Wed, Feb 9th)
Just to add to the list of patches released: (thanks Frank, Ric, Jack): APSB11-01Security update available for Shockwave Player APSB11-02Security update available for Adobe Flash Player A...
Adobe Reader 9.4.2 and 10.0.1 Updates are out , (Tue, Feb 8th)
Adobe released updates for Reader for 9.4.2 and 10.0.1. While this page on Adobe's site doesn't actually list them correctly, if you drill down into the actual product and OS, you'll see the updates l...
Update: Researchers unsure why Adobe Reader X spoiled new PDF attack
Adobe's Reader X, last year's upgrade that features a "sandbox" designed to protect users from PDF exploits, stymied a recent attack campaign, researchers said. Full story: Network World on Securi...
SW Adobe to Update Reader and Acrobat on Patch Tuesday
Next Tuesday, on their regularly-scheduled quarterly Acrobat Patch Tuesday, Adobe will release security updates for all Windows and Mac Acrobat and Reader versions. Updates for the UNIX vers...
Adobe Reader X stops malicious PDF spam campaign dead in its tracks
A new malicious spam campaign underlines the security benefits of upgrading to the latest version of Adobe Reader - Adobe Reader X. SophosLabs are currently seeing reports of a low-level attack, spamm...
Adobe update spam scam
Another site selling “memberships” for something that’s free Here’s the latest twist in the “membership” site scam: spam emails that tell potential victims to update their Adobe Reader include links...
PDF Reader Upgrade Scam
Over the past few days our spam traps have been receiving emails that claim to be from Adobe notifying the recipient of a software upgrade for Adobe Acrobat reader. Links in the e-mails direct the re...

Posted on 01 April 2011. Tags: Adobe, Alternative, download, reader, Scam

The above information is reprinted from and copyrighted © by MX Lab.

Comments are closed.

Security Status

Beware Facebook "Timeline" scams http://t.co/W5EW0cVv
5 months ago

Nigerian government (unknowingly) hosts phishing website http://t.co/uQd42ENw
5 months ago

PCMag Awards McAfee All Access its Editors’ Choice: SANTA CLARA, Calif.--(BUSINESS WIRE)--McAfee today announced... http://t.co/FakV7Vd8
5 months ago

RT @mikko: I hadn't noticed Google Maps has added 3D models of buildings. Here's a (very accurate) view of F-Secure HQ in Helsinki http://t.co/IKfAZlak
5 months ago

North Koreans aren't known for their online presence. But others may be lured into clicking Kim Jong-Il 'videos' too http://t.co/yQOon6YT
5 months ago

How to Protect Your Professional Reputation on Facebook Timeline http://t.co/I4bcR2VN
5 months ago

This is pretty impressive from @Softpedia: Facebook scans 2 trillion link clicks and blocks 220 million posts each day http://t.co/vKsn9gNl
5 months ago

Need for integrated approach to security in industrial control systems - http://t.co/tPBCNOow with @PikeResearch
5 months ago

Some free-based music we play at work http://t.co/xu5agZfc
5 months ago

Japan’s cyber defense weapon: a virus. It includes quotes by @Luis_Corrons via @InfosecurityMag
5 months ago

Categorized | Security

Download Adobe Reader 10 Alternative scam

Popular Posts

Recent Search Articles

Popular Search Articles

Categories

Security Status