Trojan Keylogger Downloaded With Adobe Spoof Email

A spoof message aiming Adobe users - purporting to have the recent variant of the firm's PDF reader, but actually bearing a malevolent Trojan keylogger - has been detected in the wild, as per investigators at SurfControl.

The e-mail requests readers to transfer the newest variant of Adobe Reader 7.0.8. Upon opening the link, the e-mail transfers a Trojan keylogger (Goldun.nq) that, after running, transmits further malwares that scrutinize the consumer's browser, possibly thieving their personal information. The Trojan next opens the pertinent Adobe "read me" file in the browser so as to look genuine.

Next, it fixes other malware that transforms the affected computer into a zombie that releases spams resembling a Microsoft ad for Windows Live Messenger. These spams connect to malicious codes on other computer that resembles the malware in the initial Adobe spoof email.

The keyword-thieving Trojan "Troj/Goldun-NQ for the Windows platform, deposits more malicious code, records keystrokes & watches browser action. Troj/Goldun-NQ contains functionality to go online and link up with a remote computer through HTTP," informs security marketer Sophos on its site.

Vice president for worldwide content at SurfControl, Susan Larson informed SCMagazine.com that the malicious software is more complex than majority of those secured to spoof emails.

"The initial (Trojan) dropped like an Acrobat update, bearing an Adobe symbol, and it was extremely well executed," she said. "It in fact converted your computer into spam releaser, albeit with a Microsoft symbol. After that it transferred the identical Trojan, but now with an Internet Explorer trademark making it extremely credible." A report from Adobe suggested clients to open electronic messages with care.

"Adobe has been alerted about a third party that has started to spread a spoofed email that mistakenly seems to be originating from Adobe. This email is hazarded to include malevolent connections impersonating as links to Adobe application transfers", said the report.

"Adobe has asked the Internet service providers to take suitable action and close down access to the related Internet pages. Like always, Adobe advises clients to be careful while getting unwanted email messages that contain suspicious links or connections."

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 11/18/2006