Ever wonder how computer viruses propagate through the Internet? I just got an email which may shed some light. Go ahead and click the image at the top of this entry so you can get a better look (looking at my image won’t give you a virus–honest).
The email looks like it’s coming from Adobe and it references Acrobat, a product which gets updated interminably! You’ve been softened up because everything looks right. It is not.
Even the URL you click on looks right… until you look closer. It’s not going to adobe.com, but adobe-reader-upgrades.info.
I did a “whois” search. Here’s what I found:
Created On:16-Feb-2011 22:20:23 UTC
Last Updated On:16-Feb-2011 22:20:33 UTC
Expiration Date:16-Feb-2012 22:20:23 UTC
Sponsoring Registrar:Regional Network Information Center, JSC dba RU-CENTER (R383-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Registrant Street1:2938 Avenue Street
Registrant City:New York
Registrant Postal Code:20394
This domain was created Wednesday night at 5:20 PM EST (22:20 UTC) at a Russian registrar. Obviously the rest of the info is bogus!
The server that answers when you enter adobe-reader-upgrades.info is also in Russia, in Vladivostok.
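The two checks described above (does the link's host really sit under adobe.com, and how old is the domain according to whois) can be scripted. This is an added example, not part of the original post; the function names, the 30-day age threshold, the time the email was seen and the sample URLs are assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# WHOIS fields as quoted in the post.
WHOIS_TEXT = """Created On:16-Feb-2011 22:20:23 UTC
Last Updated On:16-Feb-2011 22:20:33 UTC
Expiration Date:16-Feb-2012 22:20:23 UTC
Status:CLIENT TRANSFER PROHIBITED"""

def parse_whois(text):
    """Split 'Key:Value' lines on the first colon only (timestamps contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def domain_age_days(fields, seen_at):
    """Days between the whois creation time and the moment the email was seen."""
    created = datetime.strptime(fields["Created On"], "%d-%b-%Y %H:%M:%S UTC")
    return (seen_at - created.replace(tzinfo=timezone.utc)).total_seconds() / 86400

def belongs_to(url, trusted_domain):
    """True only if the host is the trusted domain itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == trusted_domain or host.endswith("." + trusted_domain)

def assess_link(url, brand, trusted_domain, whois_text, seen_at, min_age_days=30):
    """Return the list of warning signs for a link claiming to be from `brand`."""
    findings = []
    host = (urlsplit(url).hostname or "").lower()
    if not belongs_to(url, trusted_domain):
        findings.append("host-not-under-trusted-domain")
        if brand.lower() in host:  # brand name used to dress up a foreign domain
            findings.append("brand-name-in-untrusted-host")
    # min_age_days is an assumed threshold, not a value from the post.
    if domain_age_days(parse_whois(whois_text), seen_at) < min_age_days:
        findings.append("newly-registered-domain")
    return findings

if __name__ == "__main__":
    # Assumed time the email was looked at; the post does not state it.
    seen = datetime(2011, 2, 18, 12, 0, tzinfo=timezone.utc)
    for finding in assess_link("http://adobe-reader-upgrades.info/", "Adobe",
                               "adobe.com", WHOIS_TEXT, seen):
        print(finding)
```

The suffix check in `belongs_to` compares against `"." + trusted_domain`, so a host such as `adobe.com.example.net` is rejected just like the domain in the email.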
This email is well done. Kudos to the crooks! It’s beautifully engineered to gain your trust.
Is this legal? Probably not, but exactly who is going to police this after the close of business across Europe and a good part of the United States? By the time this is stopped, the damage will be done. Hundreds or thousands of computers will be infected.
In the end this isn’t evil for evil’s sake, but evil for money’s sake.