Select Page

Yesterday, our honeypots started detecting a dangerous new spam run, pushing a fake update for Outlook and Outlook Express.

Purporting to come from Microsoft, the spam pushes people to a web page which then redirects to a page serving a PDF exploit.

Msupdate12831238888p

Clicking the link takes one to a “Microsoft” update page. One of several examples is shown here:

Microsoftupdate128481234283488p_main

After a brief period of time, the user is redirected to an exploit page. The payload is Zbot.

This is an extremely dangerous spam run if you or your users are not fully updated on the latest versions of Adobe Acrobat. Get updated.

Alex Eckelberry