Beware of fake Adobe, Skype and Limewire upgrade, email scams
During the past week I have been receiving, classifying, reporting and deleting scam emails pushing links to fake upgrades for Adobe, Skype and the now defunct LimeWire programs. The bulk of these arrived over the past 24 hours, right up until a short time before I wrote this article. You need to be aware of the nature of these scams and make sure you don't fall for them.
Let's start with the most prevalent of the new scams: the fake Adobe Reader upgrade notices. It starts with the arrival of unexpected email messages spoofing that they were sent from Adobe Support. The subjects contain wording such as: "New Acrobat PDF Reader Has Released !" - followed by either Download or Upgrade Now. While the From field contains a plain text name that includes Adobe Support, or email.adobe.com, in the Prefix, it does not have an Adobe domain in the actual sender's email address. Rather, one may find, as I did, that they are spoofing the sender as an account at "hotels.octopustravel.com."
The message body includes an introduction in all capital letters (as of this writing), claiming: "ADOBE PDF READER UPGRADE NOTIFICATION" - followed by descriptive text copied from the Adobe Reader web pages. The scammers then announce: "contains critical security updates" and provide you with a cleverly worded link that includes the words "adobe", "PDF" and/or "Reader", with dashes between words, ending with the word -download(s) or -upgrade,com. The links are leading to exploit websites in China, hosted on Windows servers at: 122.224.4.113, and possibly other nearby IP addresses.
The related Skype scams purport to come from Skype Support (but not from skype.com) and tell about all of the benefits of upgrading to the newest version of Skype. However, as in the previous Adobe scam, the links end in -download(s).com. Again, this domain is hosted on a Windows IIS web server in China, at 122.224.4.113 (or neighbors).
The latest round to arrive this evening claim to lead to an alternative to the now defunct LimeWire file sharing system. That illegal file sharing service was shut down by US Federal Court action, led by the D.O.J. The new scam claims to offer you free P2P software that allows you to send and receive illegal files with other law breakers and pirates. However, if you download that installer, instead of getting connected to a new file sharing service, you will become botted, with your PC becoming a contributing member of a peer to peer spam botnet. Then your PC will be used to send out messages like these to innocent people whose email addresses have been harvested by spam bots on their friends computers.
I have just finished writing three new filters for MailWasher Pro users, which detect these new software scams and block them (with either automatic or manual deletion). All of my custom spam filters are available in both the old (filters.txt - for up to v 6.5.4) and new (Filters.xml - for MWP 2010 onward) MailWasher formats. If you use MailWasher Pro to filter out spam, before downloading it to your desktop email client, you should take a look at my filters and see if they help reduce your time spent classifying what is good and what is spam email.
My filters are still free to download and use, but I most certainly do appreciate any donations that grateful MailWasher Pro users make, to show their appreciation for my work.