Security researchers warn of a new wave of spam emails promoting fake Adobe Reader updates, which direct users to scam sites trying to sell them sub-par software.The rogue messages bear subjects of “Action Required : Upgrade New Adobe Acrobat Reader 2011 For Windows And Mac.”
For more technical users the subject alone should be a dead giveaway that this is scam, because Adobe doesn’t use years in the versioning scheme of its Reader and Acrobat product line.
However, a lot of average users could be fouled by the emails, especially since this spam campaign happens to come at a time when Adobe is actually promoting a new major version of Adobe Reader, called Adobe Reader X (10.0).
In fact, the scammers are very likely aware of this, because in the email body they mention new enhancements that Adobe Reader X really has.
“This is to remind that a new version of Adobe Acrobat Reader with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released,” the fake message, allegedly signed by one John Watt of Adobe Acrobat Reader Support, reads.
The emails direct users to a website called www.adobe-2011-download.org, which advertises an application called PDF 2011, that has no connection to Adobe.
According to researchers from GFI Software (formerly Sunbelt), in order to obtain the product, users are asked to sign up for a VIP support plan and other additional services, including “one year full protection against intrusion with ETD Scanner for only $1.49/month.”
"A 60-day trial version that we downloaded installed successfully and wasn’t detected as malicious code by VIPRE or other AV sources, but didn’t download any signature updates, so, apparently the only detections it was capable of were those from 2004 (if it's functional at all)," Tom Kelchner, a security researcher with GFI, writes.
Such emails have actually hit people’s email inboxes since this summer and Adobe even issued an alert about them. The important thing to remember is that Adobe Reader is a free product and can be updated for free from the "Help > Check for updates" menu in its interface.