Yesterday, our honeypots started detecting a dangerous new spam run, pushing a fake update for Outlook and Outlook Express.
Purporting to come from Microsoft, the spam pushes people to a web page which then redirects to a page serving a PDF exploit.
Clicking the link takes one to a “Microsoft” update page. One of several examples is shown here:
After a brief period of time, the user is redirected to an exploit page. The payload is Zbot.
This is an extremely dangerous spam run if you or your users are not fully updated on the latest versions of Adobe Acrobat. Get updated.
Alex Eckelberry