Threats from Message Threads: A Cautionary Tale of IT Security

Updated: May 05, 2010

Consider the following e-mail message thread, which made its way through recently. Please do NOT click on ANY of the links in the e-mail thread, for reasons that will become abundantly clear.


[Message thread begins.]

-----Original Message-----

From: Andrew Mosson

Sent: Tuesday, May 04, 2010 10:01 AM

To: Chris Nordman

Cc: Scott Albro

Subject: Fw: Adobe Security Update


Just received this important information about a security vulnerability that requires our immediate attention.

Kindly follow the instructions in the email as forwarded as soon as possible.


Andrew Mosson


--- On Fri, 04/30/2010, Scott Albro wrote: ---

From: Scott Albro

To: Andrew Mosson

Subject: Fw: Adobe Security Update

Date: Friday, April 30, 2010, 3:13 PM


Our systems are at risk. Forward the information below to the people we talked about.

All systems will independently be checked, so make sure the instructions are followed as specified to avoid any problems.

A step by step [sic] instruction manual, sent by Adobe Risk Management, is included below.


--- On Fri, 4/30/10, James Kitchin wrote: ---

From: James Kitchin

To: Scott Albro

Subject: Adobe Security Update

Date: Friday, April 30, 2010, 11:24 AM

Broadcast message:

Adobe has issued a directive which states that all systems running their software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been discovered on several systems running the previously released version of the software, which has been further documented on security sites such as

It is strongly advised that all systems running the Adobe software is updated with the latest security patch to avoid further situations hampering the security and integrity of the system. Failure to follow the directive would mean that any loss which occurs due to the negligence will be a liability of the company and not Adobe. The link to update the system with the latest patch and instructions are provided below:

Download the instructions here:

To start the update process and download the installation file, click here:


James Kitchin

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-537-6000




This e-mail message and information contained in or attached to this message is privileged, confidential, and protected from disclosure and is intended only for the person or entity to which it is addressed. Any review, re-transmission, dissemination, printing or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.

[Message thread ends.]


Nothing remarkable about the above thread - until and unless you realize that neither Andrew Mosson nor Scott Albro ever sent any of these messages, and that "James Kitchin" of Adobe does not appear to exist. (The phone number listed for "Adobe Risk Management" is also actually the fax number at Adobe Systems' headquarters, which are in fact at 345 Park Avenue in San Jose, CA.)

The core of the message thread is an attempt to get the recipients of the e-mails to click on the links to the supposed instructions and the alleged software patch. Either or both are likely to initiate download of a virus or other malware, however. (The IP address in the link to the alleged "installation file" belongs to a company called "Maass Flange Corp." in Houston, TX, "a fully integrated, forging and machining manufacturer of domestic and import stainless and alloy flanges," according to that legitimate company's Web site.

The bottom line: someone apparently used sophisticated tools to figure out our corporation's organizational structure. That someone then figured out how to identify and "clone" legitimate user names and e-mail addresses, then to craft the above attempts at "social engineering." The miscreant in question also appears to have used "bot" software to hijack a legitimate server, or at least its IP address, to deliver malware to unsuspecting victims of his or her social engineering attempts. And if they could do it to our company, they can do it to yours too.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more