An E-Mail From Adobe?

[JD]

Anybody else get this little nugget as an e-mail? I received this e-mail
this evening:

The Header:

Subject: Action Required : Download New Adobe Acrobat Reader For Your PC
From: Adobe System Incorporated <adobe@news.mondino.de>
Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
To: JD
X-Account-Key: account8
X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <return@news.mondino.de>
Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43]) by
mxin5.lsn.net (8.13.5/8.13.5)
with ESMTP id p3C1jxtr024840 for <JD>; Mon, 11 Apr 2011 20:45:59 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
d=news.mondino.de; h=Message-
IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding;
i=adobe@news.mondino.de; bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ/OowmA+
q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2BvFjMH
eE+fR104TWIrFbL7c+c=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
d=news.mondino.de;
b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoLMbyvDMz
xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbjTW2wd
Qvf4LDK75vsAX8///K4=;
Received: by mail17-43.srv2.de id hkend60farc5 for <JD>; Tue, 12 Apr 2011
03:45:54 +0200 (envelope-from <return@news.mondino.de>)
Message-ID:
<re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
news.mondino.de>
Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-ulpe: re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
news.mondino.de
X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
X-Virus-Status: Clean

The body of the e-mail:

INTRODUCING UPGRADED ADOBE ACROBAT READER
Dear Customers,
Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader.
Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
Advanced features include:
- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange
To upgrade and enhance your work productivity today, go to:
Action Required : Download New Adobe Acrobat Reader For Your PC
Adobe Acrobat Reader Upgrade Center (hxxp://www.adobe-download6.com/)
Start downloading the update right now and let us know what you think
about it.
We're working on making Adobe Acrobat Reader better all the time !
Copyright 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated
343 Preston Street
Ottawa, ON K1S 1N4
Canada
Action Required : Download New Adobe Acrobat Reader For Your PC

There were two places to click on the following link, as I've added in
the above message:

(hxxp://www.adobe-download6.com/) Munged to be non-active links.

Of course I didn't try either link but how would I report this to Adobe?
It can't be real, right?

--
JD..

[Rhonda Lea Kirk Fries]

JD wrote:
> Anybody else get this little nugget as an e-mail? I received this
> e-mail this evening:
>
> The Header:
>
> Subject: Action Required : Download New Adobe Acrobat Reader For Your
> PC From: Adobe System Incorporated <adobe@news.mondino.de>
> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
> To: JD
> X-Account-Key: account8
> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <return@news.mondino.de>
> Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43])
> by mxin5.lsn.net (8.13.5/8.13.5)
> with ESMTP id p3C1jxtr024840 for <JD>; Mon, 11 Apr 2011 20:45:59 -0500
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
> d=news.mondino.de; h=Message-
> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding;
> i=adobe@news.mondino.de; bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ/OowmA+
> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2BvFjMH
> eE+fR104TWIrFbL7c+c=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
> d=news.mondino.de;
> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoLMbyvDMz
> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbjTW2wd
> Qvf4LDK75vsAX8///K4=;
> Received: by mail17-43.srv2.de id hkend60farc5 for <JD>; Tue, 12 Apr
> 2011 03:45:54 +0200 (envelope-from <return@news.mondino.de>)
> Message-ID:
> <re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
> news.mondino.de>
> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
> MIME-Version: 1.0
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> X-ulpe:
> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
> news.mondino.de X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
> X-Virus-Status: Clean
>
> The body of the e-mail:
>
> INTRODUCING UPGRADED ADOBE ACROBAT READER
> Dear Customers,
> Adobe is pleased to announce new version upgrades for Adobe Acrobat
> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
> Advanced features include:
> - Collaborate across borders
> - Create rich, polished PDF files from any application that prints
> - Ensure visual fidelity
> - Encrypt and share PDF files more securely
> - Use the standard for document archival and exchange
> To upgrade and enhance your work productivity today, go to:
> Action Required : Download New Adobe Acrobat Reader For Your PC
> Adobe Acrobat Reader Upgrade Center (hxxp://www.adobe-download6.com/)
> Start downloading the update right now and let us know what you think
> about it.
> We're working on making Adobe Acrobat Reader better all the time !
> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
> Adobe Systems Incorporated
> 343 Preston Street
> Ottawa, ON K1S 1N4
> Canada
> Action Required : Download New Adobe Acrobat Reader For Your PC
>
> There were two places to click on the following link, as I've added in
> the above message:
>
> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>
> Of course I didn't try either link but how would I report this to
> Adobe? It can't be real, right?

IP address: 91.220.62.56
Host name: adobe-download6.com
Alias: adobe-download6.com
91.220.62.56 is from Russian Federation(RU) in region Eastern Europe

[Li'l Abner]

JD <JD@example.invalid> wrote in
news:N4qdnQdpLP7dVD7QnZ2dnUVZ_hKdnZ2d@posted.grand ecom:

> Anybody else get this little nugget as an e-mail? I received this
> e-mail this evening:
>
> The Header:
>
> Subject: Action Required : Download New Adobe Acrobat Reader For Your
> PC From: Adobe System Incorporated <adobe@news.mondino.de>
> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
> To: JD
> X-Account-Key: account8
> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <return@news.mondino.de>
> Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43])
> by mxin5.lsn.net (8.13.5/8.13.5)
> with ESMTP id p3C1jxtr024840 for <JD>; Mon, 11 Apr 2011 20:45:59 -0500
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
> d=news.mondino.de; h=Message-
> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Tran
> sfer-Encoding; i=adobe@news.mondino.de;
> bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ
> /OowmA+
> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2B
> vFjMH eE+fR104TWIrFbL7c+c=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
> d=news.mondino.de;
> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoL
> MbyvDMz
> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbj
> TW2wd Qvf4LDK75vsAX8///K4=;
> Received: by mail17-43.srv2.de id hkend60farc5 for <JD>; Tue, 12 Apr
> 2011 03:45:54 +0200 (envelope-from <return@news.mondino.de>)
> Message-ID:
><re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
> news.mondino.de>
> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
> MIME-Version: 1.0
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> X-ulpe:
> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
> news.mondino.de
> X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
> X-Virus-Status: Clean
>
> The body of the e-mail:
>
> INTRODUCING UPGRADED ADOBE ACROBAT READER
> Dear Customers,
> Adobe is pleased to announce new version upgrades for Adobe Acrobat
> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
> Advanced features include:
> - Collaborate across borders
> - Create rich, polished PDF files from any application that prints
> - Ensure visual fidelity
> - Encrypt and share PDF files more securely
> - Use the standard for document archival and exchange
> To upgrade and enhance your work productivity today, go to:
> Action Required : Download New Adobe Acrobat Reader For Your PC
> Adobe Acrobat Reader Upgrade Center (hxxp://www.adobe-download6.com/)
> Start downloading the update right now and let us know what you think
> about it.
> We're working on making Adobe Acrobat Reader better all the time !
> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
> Adobe Systems Incorporated
> 343 Preston Street
> Ottawa, ON K1S 1N4
> Canada
> Action Required : Download New Adobe Acrobat Reader For Your PC
>
> There were two places to click on the following link, as I've added in
> the above message:
>
> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>
> Of course I didn't try either link but how would I report this to
> Adobe? It can't be real, right?

You're right.

Malwarebytes blocks an IP when trying to access the site. Then WOT flags
it too. I didn't experiment beyond that.

--
--- Everybody has a right to my opinion. ---

[Andy Walker]

JD wrote:

>here were two places to click on the following link, as I've added in
>the above message:
>
>(hxxp://www.adobe-download6.com/) Munged to be non-active links.
>
>Of course I didn't try either link but how would I report this to Adobe?
>It can't be real, right?


Check out http://www.adobe.com/support/security/alertus.html

•Reporting software piracy (copying, selling, or using software that
hasn't been properly licensed), phishing, spoofing, or spam emails.
See the Adobe anti-piracy initiative, or contact piracy@adobe.com
directly.


I checked out the links and leads to a "sign-up to get your download"
form. They do have a disclaimer on the site:

"This website that no affiliation whatsoever with the owner of this
software program, and provides only a link to the software program."

I suspect that once you create a login (with all your personal info)
they give you a link to the real Reader X Adobe download.

[JD]

Rhonda Lea Kirk Fries wrote:
> JD wrote:
>> Anybody else get this little nugget as an e-mail? I received this
>> e-mail this evening:
>>
>> The Header:
>>
>> Subject: Action Required : Download New Adobe Acrobat Reader For Your
>> PC From: Adobe System Incorporated<adobe@news.mondino.de>
>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>> To: JD
>> X-Account-Key: account8
>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>> X-Mozilla-Status: 0001
>> X-Mozilla-Status2: 00000000
>> Return-Path:<return@news.mondino.de>
>> Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43])
>> by mxin5.lsn.net (8.13.5/8.13.5)
>> with ESMTP id p3C1jxtr024840 for<JD>; Mon, 11 Apr 2011 20:45:59 -0500
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
>> d=news.mondino.de; h=Message-
>> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding;
>> i=adobe@news.mondino.de; bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
>> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ/OowmA+
>> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2BvFjMH
>> eE+fR104TWIrFbL7c+c=
>> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
>> d=news.mondino.de;
>> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoLMbyvDMz
>> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbjTW2wd
>> Qvf4LDK75vsAX8///K4=;
>> Received: by mail17-43.srv2.de id hkend60farc5 for<JD>; Tue, 12 Apr
>> 2011 03:45:54 +0200 (envelope-from<return@news.mondino.de>)
>> Message-ID:
>> <re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>> news.mondino.de>
>> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
>> MIME-Version: 1.0
>> Content-Type: text/html; charset=ISO-8859-1
>> Content-Transfer-Encoding: 7bit
>> X-ulpe:
>> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>> news.mondino.de X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
>> X-Virus-Status: Clean
>>
>> The body of the e-mail:
>>
>> INTRODUCING UPGRADED ADOBE ACROBAT READER
>> Dear Customers,
>> Adobe is pleased to announce new version upgrades for Adobe Acrobat
>> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
>> Advanced features include:
>> - Collaborate across borders
>> - Create rich, polished PDF files from any application that prints
>> - Ensure visual fidelity
>> - Encrypt and share PDF files more securely
>> - Use the standard for document archival and exchange
>> To upgrade and enhance your work productivity today, go to:
>> Action Required : Download New Adobe Acrobat Reader For Your PC
>> Adobe Acrobat Reader Upgrade Center (hxxp://www.adobe-download6.com/)
>> Start downloading the update right now and let us know what you think
>> about it.
>> We're working on making Adobe Acrobat Reader better all the time !
>> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
>> Adobe Systems Incorporated
>> 343 Preston Street
>> Ottawa, ON K1S 1N4
>> Canada
>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>
>> There were two places to click on the following link, as I've added in
>> the above message:
>>
>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>
>> Of course I didn't try either link but how would I report this to
>> Adobe? It can't be real, right?
>
> IP address: 91.220.62.56
> Host name: adobe-download6.com
> Alias: adobe-download6.com
> 91.220.62.56 is from Russian Federation(RU) in region Eastern Europe
>
>
>

How did you find the IP address?

Searching http://www.dnsstuff.com/ for adobe-download6.com returns
information regarding a person in China.

Searching http://www.mywot.com/ adobe-download6.com returns
information similar to what you posted.

--
JD..

[JD]

Li'l Abner wrote:
> JD<JD@example.invalid> wrote in
> news:N4qdnQdpLP7dVD7QnZ2dnUVZ_hKdnZ2d@posted.grand ecom:
>
>> Anybody else get this little nugget as an e-mail? I received this
>> e-mail this evening:
>>
>> The Header:
>>
>> Subject: Action Required : Download New Adobe Acrobat Reader For Your
>> PC From: Adobe System Incorporated<adobe@news.mondino.de>
>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>> To: JD
>> X-Account-Key: account8
>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>> X-Mozilla-Status: 0001
>> X-Mozilla-Status2: 00000000
>> Return-Path:<return@news.mondino.de>
>> Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43])
>> by mxin5.lsn.net (8.13.5/8.13.5)
>> with ESMTP id p3C1jxtr024840 for<JD>; Mon, 11 Apr 2011 20:45:59 -0500
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
>> d=news.mondino.de; h=Message-
>> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Tran
>> sfer-Encoding; i=adobe@news.mondino.de;
>> bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
>> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ
>> /OowmA+
>> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2B
>> vFjMH eE+fR104TWIrFbL7c+c=
>> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
>> d=news.mondino.de;
>> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoL
>> MbyvDMz
>> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbj
>> TW2wd Qvf4LDK75vsAX8///K4=;
>> Received: by mail17-43.srv2.de id hkend60farc5 for<JD>; Tue, 12 Apr
>> 2011 03:45:54 +0200 (envelope-from<return@news.mondino.de>)
>> Message-ID:
>> <re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>> news.mondino.de>
>> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
>> MIME-Version: 1.0
>> Content-Type: text/html; charset=ISO-8859-1
>> Content-Transfer-Encoding: 7bit
>> X-ulpe:
>> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>> news.mondino.de
>> X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
>> X-Virus-Status: Clean
>>
>> The body of the e-mail:
>>
>> INTRODUCING UPGRADED ADOBE ACROBAT READER
>> Dear Customers,
>> Adobe is pleased to announce new version upgrades for Adobe Acrobat
>> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
>> Advanced features include:
>> - Collaborate across borders
>> - Create rich, polished PDF files from any application that prints
>> - Ensure visual fidelity
>> - Encrypt and share PDF files more securely
>> - Use the standard for document archival and exchange
>> To upgrade and enhance your work productivity today, go to:
>> Action Required : Download New Adobe Acrobat Reader For Your PC
>> Adobe Acrobat Reader Upgrade Center (hxxp://www.adobe-download6.com/)
>> Start downloading the update right now and let us know what you think
>> about it.
>> We're working on making Adobe Acrobat Reader better all the time !
>> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
>> Adobe Systems Incorporated
>> 343 Preston Street
>> Ottawa, ON K1S 1N4
>> Canada
>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>
>> There were two places to click on the following link, as I've added in
>> the above message:
>>
>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>
>> Of course I didn't try either link but how would I report this to
>> Adobe? It can't be real, right?
>
> You're right.
>
> Malwarebytes blocks an IP when trying to access the site. Then WOT flags
> it too. I didn't experiment beyond that.
>

WOT has a discussion regarding adobe-download6.com. I didn't even think
about using http://www.mywot.com/ but I've added it to my WhoIs notes.

Are you using the paid version of MBAM? I don't see any place to block
the IP in the free version.

--
JD..

[JD]

Andy Walker wrote:
> JD wrote:
>
>> here were two places to click on the following link, as I've added in
>> the above message:
>>
>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>
>> Of course I didn't try either link but how would I report this to Adobe?
>> It can't be real, right?
>
>
> Check out http://www.adobe.com/support/security/alertus.html
>
> •Reporting software piracy (copying, selling, or using software that
> hasn't been properly licensed), phishing, spoofing, or spam emails.
> See the Adobe anti-piracy initiative, or contact piracy@adobe.com
> directly.
>
>
> I checked out the links and leads to a "sign-up to get your download"
> form. They do have a disclaimer on the site:
>
> "This website that no affiliation whatsoever with the owner of this
> software program, and provides only a link to the software program."
>
> I suspect that once you create a login (with all your personal info)
> they give you a link to the real Reader X Adobe download.
>

http://www.mywot.com/ reports something a little different:

adobe-download1.org
confirmed Phishing site, re:
http://phish.opendns.com/main?url=xx...t-download.com


adobe-acrobat-download.com
Download link points to:
hxxp://secureonlineweb.su/p06/%28S%28egabiyutrskea4arznzh4mio%29%29/join.aspx
which requires a "subscription" requesting: email address, first and
last name. After entering bogus information, page 2 "next step" requests
credit card payment, default subscription terms being:
3 Year Unlimited VIP Access & Support for ONLY $55.59 $12.97/year (Best
Value!)

the payment form is "powered by"
Payment Service Provider for: Multibill
aka: hxxp://xxx.virtualxs.com/ | hxxp://xxx.vxsbill.com/

--
JD..

[Heather]

"JD" <JD@example.invalid> wrote in message
news:57SdnX22udMpzznQnZ2dnUVZ_hKdnZ2d@posted.grand ecom...
> Rhonda Lea Kirk Fries wrote:
>> JD wrote:
>>> Anybody else get this little nugget as an e-mail? I received this
>>> e-mail this evening:
>>>
>>> The Header:
>>>
>>> Subject: Action Required : Download New Adobe Acrobat Reader For Your
>>> PC From: Adobe System Incorporated<adobe@news.mondino.de>
>>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>>> To: JD
>>> X-Account-Key: account8
>>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>>> X-Mozilla-Status: 0001
>>> X-Mozilla-Status2: 00000000
>>> Return-Path:<return@news.mondino.de>
>>> Received: from mail17-43.srv2.de (mail17-43.srv2.de [193.169.180.43])
>>> There were two places to click on the following link, as I've added
>>> in
>>> the above message:
>>>
>>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>>
>>> Of course I didn't try either link but how would I report this to
>>> Adobe? It can't be real, right?
>>
>> IP address: 91.220.62.56
>> Host name: adobe-download6.com
>> Alias: adobe-download6.com
>> 91.220.62.56 is from Russian Federation(RU) in region Eastern Europe

I just got the same address in my Yahoo junk mail, but this was claiming
to be from Skype and was addressed to me, not to undisclosed recipients.
Like yours, there were two places to click on in the email and both went
to the news.mondino.de address. If anyone wants the full headers I will
post them.

Date: Tue, 12 Apr 2011 06:35:03 +0200 (CEST) From: This sender is
DomainKeys verified
Skype Support <Skype@news.mondino.de>
Add sender to Contacts Reply-To:
re-EGQSTLM-1UZ23CQ-WTW266@news.mondino.de
>>
This was the body of the scam/spam......guess I will send it to them.

Heather

SKYPE VoIP ADDONS UPDATES



This is to notify that new updates have been released for Skype.
Following are major new features:

- Talk more for free via Voice Over IP (VoIP).
- Lower cost when connecting to landlines (much cheaper than Calling
Card).
- Record your conversation (better than telephone quality).
- Instant messaging& file-sharing, video calls.
- Now available on PSP !

To check and upgrade, go to Skype Updates Center

Skype has changed the way we think of telecommunications.

Thank you for choosing us.

With best regards,

Skype Support

[Heather]

Addendum........got one from Adobe too with the same address. Went to
the Skype home page and it sure looks real.......Avast is not detecting
anything.

Heather

"Heather" <nospam@reallynospam.invalid> wrote in message
news:io225f$l7d$1@dont-email.me...
>
> "JD" <JD@example.invalid> wrote in message
> news:57SdnX22udMpzznQnZ2dnUVZ_hKdnZ2d@posted.grand ecom...
>> Rhonda Lea Kirk Fries wrote:
>>> JD wrote:
>>>> Anybody else get this little nugget as an e-mail? I received this
>>>> e-mail this evening:
>>>>
>>>> The Header:
>>>>
>>>> Subject: Action Required : Download New Adobe Acrobat Reader For
>>>> Your
>>>> PC From: Adobe System Incorporated<adobe@news.mondino.de>
>>>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>>>> To: JD
>>>> X-Account-Key: account8
>>>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>>>> X-Mozilla-Status: 0001
>>>> X-Mozilla-Status2: 00000000
>>>> Return-Path:<return@news.mondino.de>
>>>> Received: from mail17-43.srv2.de (mail17-43.srv2.de
>>>> [193.169.180.43])
>>>> There were two places to click on the following link, as I've added
>>>> in
>>>> the above message:
>>>>
>>>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>>>
>>>> Of course I didn't try either link but how would I report this to
>>>> Adobe? It can't be real, right?
>>>
>>> IP address: 91.220.62.56
>>> Host name: adobe-download6.com
>>> Alias: adobe-download6.com
>>> 91.220.62.56 is from Russian Federation(RU) in region Eastern Europe
>
> I just got the same address in my Yahoo junk mail, but this was
> claiming to be from Skype and was addressed to me, not to undisclosed
> recipients. Like yours, there were two places to click on in the email
> and both went to the news.mondino.de address. If anyone wants the full
> headers I will post them.
>
> Date: Tue, 12 Apr 2011 06:35:03 +0200 (CEST) From: This sender is
> DomainKeys verified
> Skype Support <Skype@news.mondino.de>
> Add sender to Contacts Reply-To:
> re-EGQSTLM-1UZ23CQ-WTW266@news.mondino.de
>>>
> This was the body of the scam/spam......guess I will send it to them.
>
> Heather
>
> SKYPE VoIP ADDONS UPDATES
>
>
>
> This is to notify that new updates have been released for Skype.
> Following are major new features:
>
> - Talk more for free via Voice Over IP (VoIP).
> - Lower cost when connecting to landlines (much cheaper than Calling
> Card).
> - Record your conversation (better than telephone quality).
> - Instant messaging& file-sharing, video calls.
> - Now available on PSP !
>
> To check and upgrade, go to Skype Updates Center
>
> Skype has changed the way we think of telecommunications.
>
> Thank you for choosing us.
>
> With best regards,
>
> Skype Support
>

[Li'l Abner]

JD <JD@example.invalid> wrote in
news:hqKdnesCFfPDyTnQnZ2dnUVZ_u6dnZ2d@posted.grand ecom:

> Li'l Abner wrote:
>> JD<JD@example.invalid> wrote in
>> news:N4qdnQdpLP7dVD7QnZ2dnUVZ_hKdnZ2d@posted.grand ecom:
>>
>>> Anybody else get this little nugget as an e-mail? I received this
>>> e-mail this evening:
>>>
>>> The Header:
>>>
>>> Subject: Action Required : Download New Adobe Acrobat Reader For
>>> Your PC From: Adobe System Incorporated<adobe@news.mondino.de>
>>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>>> To: JD
>>> X-Account-Key: account8
>>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>>> X-Mozilla-Status: 0001
>>> X-Mozilla-Status2: 00000000
>>> Return-Path:<return@news.mondino.de>
>>> Received: from mail17-43.srv2.de (mail17-43.srv2.de
>>> [193.169.180.43]) by mxin5.lsn.net (8.13.5/8.13.5)
>>> with ESMTP id p3C1jxtr024840 for<JD>; Mon, 11 Apr 2011 20:45:59
>>> -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
>>> d=news.mondino.de; h=Message-
>>> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Tr
>>> an sfer-Encoding; i=adobe@news.mondino.de;
>>> bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
>>> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5Kem
>>> AQ /OowmA+
>>> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY
>>> 2B vFjMH eE+fR104TWIrFbL7c+c=
>>> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
>>> d=news.mondino.de;
>>> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVI
>>> oL MbyvDMz
>>> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuT
>>> bj TW2wd Qvf4LDK75vsAX8///K4=;
>>> Received: by mail17-43.srv2.de id hkend60farc5 for<JD>; Tue, 12 Apr
>>> 2011 03:45:54 +0200 (envelope-from<return@news.mondino.de>)
>>> Message-ID:
>>> <re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>>> news.mondino.de>
>>> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
>>> MIME-Version: 1.0
>>> Content-Type: text/html; charset=ISO-8859-1
>>> Content-Transfer-Encoding: 7bit
>>> X-ulpe:
>>> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>>> news.mondino.de
>>> X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
>>> X-Virus-Status: Clean
>>>
>>> The body of the e-mail:
>>>
>>> INTRODUCING UPGRADED ADOBE ACROBAT READER
>>> Dear Customers,
>>> Adobe is pleased to announce new version upgrades for Adobe Acrobat
>>> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
>>> Advanced features include:
>>> - Collaborate across borders
>>> - Create rich, polished PDF files from any application that prints
>>> - Ensure visual fidelity
>>> - Encrypt and share PDF files more securely
>>> - Use the standard for document archival and exchange
>>> To upgrade and enhance your work productivity today, go to:
>>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>> Adobe Acrobat Reader Upgrade Center
>>> (hxxp://www.adobe-download6.com/) Start downloading the update right
>>> now and let us know what you think about it.
>>> We're working on making Adobe Acrobat Reader better all the time !
>>> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
>>> Adobe Systems Incorporated
>>> 343 Preston Street
>>> Ottawa, ON K1S 1N4
>>> Canada
>>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>>
>>> There were two places to click on the following link, as I've added
>>> in the above message:
>>>
>>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>>
>>> Of course I didn't try either link but how would I report this to
>>> Adobe? It can't be real, right?
>>
>> You're right.
>>
>> Malwarebytes blocks an IP when trying to access the site. Then WOT
>> flags it too. I didn't experiment beyond that.
>>
>
> WOT has a discussion regarding adobe-download6.com. I didn't even
> think about using http://www.mywot.com/ but I've added it to my
> WhoIs notes.
>
> Are you using the paid version of MBAM? I don't see any place to block
> the IP in the free version.

Yes. I have the paid version. When I tried to go to that site, it
blocked an IP, but it went on anyway and then WOT popped up. I'm not
sure what IP Malwarebytes blocked. If you don't look fast, it goes away.
It's probably in a log file somewhere.




--
--- Everybody has a right to my opinion. ---