|
Adobe Warns of Spam Campaign Referencing Recent Software Vulnerability |
|
Written by Save the Mail!
|
|
Thursday, 06 May 2010 23:57 |
|
An “Adobe Security Update” malware campaign is said to be making the rounds, according to email security vendor Red Condor as well as reports from the software company. The spam messages reference a vulnerability identified as CVE-2010-0193, a bug that Adobe addressed previously on April 13.
The messages instruct users to download an executable file, which is known as Poison or PoisonIvy and is in fact malicious. According to news outlet Softpedia, only 19 of the 40 top AV engines are currently able to correctly identify this file as malicious.
Adobe has issued the following warning on their blog:
“Customers who subscribe to the Adobe Security Notification Service will receive email notifications that ONLY point to security advisories or security bulletins on the adobe.com domain (i.e. http://www.adobe.com/go/apsb10-09), and that NEVER link directly to an executable for a product security update or contain attachments that must be opened. Adobe product updates are only available (1) via the product's automatic update feature or (2) from the Adobe website at http://www.adobe.com/downloads/updates/.”
Stay safe out there! Always pay close attention to EXE files, and if something looks off in an email that claims to originate from a software vendor, be sure to verify the story directly on the vendor's site before taking any action. |
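The rules in Adobe's warning (links only to adobe.com, never a direct link to an executable, no attachments) can be checked mechanically. The Python check below is an added example, not code from Adobe, Red Condor or this blog; the function names, the extension list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "adobe.com"  # the only domain Adobe says its notices link to
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat")  # assumption: list chosen for this example
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def on_trusted_domain(host):
    """Exact or dot-boundary match, so adobe.com.example.net does not pass."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_notification(raw_message):
    """Return the reasons a message breaks the rules Adobe states for its notices."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # genuine notices carry no attachments
            findings.append("attachment: " + part.get_filename())
            continue
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")
            parts = urlsplit(url)
            if not on_trusted_domain(parts.hostname):
                findings.append("off-domain link: " + url)
            if parts.path.lower().endswith(EXECUTABLE_EXT):
                findings.append("direct executable link: " + url)
    return findings

# Constructed sample messages (not real mail). The first follows Adobe's rules;
# the second imitates the lure described above using a reserved example domain.
SAMPLE_GENUINE = (
    "From: notifications@adobe.example\nSubject: Security bulletin available\n\n"
    "Details: http://www.adobe.com/go/apsb10-09\n")
SAMPLE_FAKE = (
    "From: updates@adobe.example\nSubject: Adobe Security Update\n\n"
    "Install the fix for CVE-2010-0193: "
    "http://www.adobe.com.example.net/adobe_update.exe\n")

if __name__ == "__main__":
    for name, raw in (("genuine", SAMPLE_GENUINE), ("fake", SAMPLE_FAKE)):
        print(name, check_notification(raw))
```

The dot-boundary comparison in `on_trusted_domain` is the part that matters most: a plain substring test for "adobe.com" would accept the lookalike host in the second sample.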
|
Last Updated on Sunday, 09 May 2010 03:04 |
|
Billionaire Saudi Prince Subject in Middle Eastern Spam Campaign |
|
Written by Save the Mail!
|
|
Tuesday, 27 April 2010 21:40 |
|
A spam message that claims to come from billionaire Saudi Prince Al-Waleed is currently making the rounds in the Middle East and Africa region, according to security firm Trend Micro. As reported on ITP.net, the message is “seeking new business ventures” and an excerpt of the message reads as follows:
"In line with the recent international foray for profitable investment having across the globe, I seek this medium to increase my global and domestic alliances via various services Including Mortgage Banking, Micro Financing, Real Estate Business and a host of other profitable ventures. If you think you are good in any of the mentioned business sector. Kindly contact me for possible business co-operation."
Within the Middle East, Israel, Saudi Arabia, and the United Arab Emirates suffer from the highest level of spam. And while public figures have long been used as “bait” in spam campaigns, what’s concerning here is the evolution of what these spam messages look like. In the case of this note, the message came from a Yahoo address bearing Al-Waleed’s name and accurate contact details for his company, Kingdom Holding Co. These characteristics, paired with a target audience that may lack exposure to these types of threats, make for a dangerous combination.
When spam first emerged, many thought that awareness alone would be enough to stifle its growth, but as spammers continue to profit from attacks like the one above they show no sign of slowing – and attacks are only growing in sophistication. |
|
Last Updated on Tuesday, 27 April 2010 21:52 |
|
Rustock Botnet Returns, Levels of TLS Encrypted Spam Surge |
|
Written by Save the Mail!
|
|
Tuesday, 30 March 2010 00:44 |
|
The Rustock botnet, one of the bots that was “squashed” in the McColo shutdown in early ’09, is back and spewing unprecedented levels of TLS-encrypted spam. According to a Symantec intelligence report, TLS-encrypted spam comprised 30% of all spam email during the week of March 15th, and 70% of all spam mail sent by Rustock botnets.
The problem: TLS-encrypted mail requires more processing power and storage space than non-TLS traffic.
The result: a greater degree of strain on your mail server.
Why spammers are doing it: it’s another way to evade law enforcement; TLS makes interception and subsequent infiltration of a botnet more difficult.
How to protect yourself:
1. Make sure your anti-spam system is not configured to automatically accept TLS-encrypted messages (although most don’t, some have in the past).
2. Make sure you have a system in place to offload unnecessary mail traffic from your mail server (e.g. an email protection appliance that sits in front of your mail server, or a hosted email protection solution that processes the bulk of messages in the cloud). |
|
Last Updated on Wednesday, 07 April 2010 19:04 |
|
The Return of the 419 Scam |
|
Written by Save the Mail!
|
|
Tuesday, 16 February 2010 01:48 |
|
Otherwise known as Category Number 1 below (“the con,” see Email Abuse: Cons, Attacks, Phish). 419 scams are in essence a type of advance-fee fraud that is conducted over email - offering a large payoff for a small amount of work. If the victim “accepts,” he/she ends up fronting cash in the hopes of a payoff that will never happen. More personal than many of the other types of abusive email, the 419 scam is experiencing a comeback, experts think in part because of the recent earthquake in Haiti.
According to Symantec’s February State of Spam and Phishing Report, 419 cons are at the highest levels ever measured by the company. While many pose the obvious question, who responds to these messages?, the answer is quite chilling: in 2009 alone victims lost a collective $9.3 billion to these scammers. That’s right, billion. To date we’ve dropped $41 billion on these guys, at a growth rate of 5% each year. To all those who think this resurgence will be short lived and that the general public has “wisened up” – think again.
As always, be smart with your email:
- NEVER provide personal or confidential information via email (e.g. bank numbers, addresses, social security numbers etc.)
- If it sounds too good to be true IT PROBABLY IS – delete it. If your long lost uncle from the UK actually had left his entire inheritance in your name, wouldn’t they have a better way to contact you than that yahoo address of yours?
A more complete collection of tips to spot these messages, and ways to avoid them can be found here. Stay safe out there! |
|
Last Updated on Wednesday, 07 April 2010 19:28 |
|
Spammers Put their Money on Obama, Michael & Angelina During December |
|
Written by Save the Mail!
|
|
Friday, 22 January 2010 17:38 |
|
Spam has taken on a life of its own in more ways than one. Similar to Google trends, or Twitter’s trending topics, McAfee (along with several other organizations close to the world of email) continues to keep a pulse on hot topics in the world of spam email. And (drum roll please) … the December breakdown, according to a January 2010 spam trend report, went as follows: The most popular male spam subject was none other than Obama - followed by Michael Jackson, George Bush and Brad Pitt. The top female “honor” went to Angelina Jolie, followed by Oprah, Paris Hilton and Britney Spears.
While there wasn’t any overlap between Google trends and what spammers bet their money on in the month of December (perhaps they would have been more successful if there were?) – each of these figures has in their own right fascinated us to no end at one time or another. But unlike Twitter’s trending topics or Google trends, we’re left feeling like there isn’t much to gather here about – well – much of anything. Will Paris Hilton be making her big comeback in January 2010? Maybe Angelina and Brad will finally break it off come February? Or perhaps spammers took a gamble on what would pull on our delicate heart strings during the month of December and this is what came out.
And well, if we’re all being perfectly honest … those MJ messages always get to us during the holidays and we tend to double click them and just follow instructions. No apologies. King of Pop. Worth it. |
|
Last Updated on Wednesday, 07 April 2010 19:26 |
|
Written by Save the Mail!
|
|
Friday, 13 February 2009 21:32 |
|
I came across this article last night, “Botnet Operators Gearing Up for Valentine’s Day Spammers try to play Cupid, with a dark twist” by Richard Adhikari with Internet News (http://www.internetnews.com/security/article.php/3802331) and can’t help but think there is nothing new here. The “bad guys” are well funded and have developed sophisticated tool-sets to evade detection by content driven and IP reputation based security systems. While I’m not extremely familiar with the term “fast flux DNS,” this is a perfect illustration of why DNS blacklisting (a.k.a. IP reputations) is such a waste of time as currently implemented by folks like Websense, etc. The “bad guys” know that as long as they are competing against reactive technologies like content filters and DNS blacklists they will ALWAYS be ahead of the curve. |
|
Last Updated on Wednesday, 07 April 2010 19:17 |
|