Fake Skype and Adobe Acrobat Reader emails

Where members can post anything unrelated to the fight against spam.

Fake Skype and Adobe Acrobat Reader emails

Postby trobbins » Tue Apr 12, 2011 12:48 pm

I received two emails that look convincingly real.
One from Skype touting Voip Addons update going to....
news. mondino. de/go/13/EGRHGQY-1UZ23CQ-1UZ23CO-1BR2T7G.com

Another from Adobe for Acrobat Reader stating there is an update going to.....
www. acrobat-download1. com
User avatar
trobbins
Spammers' Nightmare
 
Posts: 2556
Joined: Thu Apr 12, 2007 6:55 pm

Re: Fake Skype and Adobe Acrobat Reader emails

Postby randy67 » Tue Apr 12, 2011 11:48 pm

My email had www. acrobat-download6. com which redirected elsewhere.
You yet did not try SPICE? Not the SPAM!!!
randy67
Spam Reporter
 
Posts: 125
Joined: Fri Aug 25, 2006 7:48 pm

Re: Fake Skype and Adobe Acrobat Reader emails

Postby trobbins » Wed Apr 13, 2011 12:49 am

All three links are now dead.
User avatar
trobbins
Spammers' Nightmare
 
Posts: 2556
Joined: Thu Apr 12, 2007 6:55 pm

Re: Fake Skype and Adobe Acrobat Reader emails

Postby meep » Wed Apr 13, 2011 10:53 am

I haven't noticed those yet, but those updates should be Malware category. :) I will see if I can find some myself as time permits.
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: Fake Skype and Adobe Acrobat Reader emails

Postby Red Dwarf » Wed Apr 13, 2011 4:37 pm

Still alive = acrobat-reader10-download.com both as a site and as a name server domain.

And it is a redirection from this one, still alive = acrobat-download1.com
This document may be found <a HREF="http://www.acrobat-reader10-download.com/"

Look out for the others, so far acrobat-download2.com

They also have IP blocking for known anti-spammers :-)

Hosting IPs

122.224.4.113 = NINBO-LANZHONG-LTD, China, abuse - anti-spam@mail.sxptt.zj.cn
213.133.160.241 = IT Systems LLC., Kiev, Ukraine, abuse - abuse@itsinternet.net

Clicking the download button on the phishing site takes you to the next stage at http://secureonlineweb.su
If you work through that you get to the unsecure page requesting your credit card,

Although maybe irrelevant, it has a trailer
Multibill is a site of Multibill
© Copyright 1999-2011, Virtual Access Internet BV, the Netherlands
http://www.vxsbill.com/

Presumably, however, they are simply harvesting credit cards right there themselves.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am


Return to Unrelated to Spam

Who is online

Users browsing this forum: Yahoo [Bot], Yandex [Bot] and 2 guests

cron