Phishers are sending out cleverely-constructed e-mails purporting to be from a Taiwanese bank in a bid to trick victims into downloading malware that exploits an Adobe vulnerability.
The spam e-mails contain credit card promotion email messages that are embedded with an .swf virus link, says Internet security outfit Symantec.
Recipients are able to see the bank's image at the top of the message and promotion notes at the bottom. There is also a large blank space designed to trick victims into believing the promotion content has been lost in transit.
The message contains a link that recipients are instructed to click on if the page does not display properly. If clicked on, users are redirected to a site containing shellcode in the form of a file named sploit.swf, which exploits Adobe AVM2 Scope Stack Corruption vulnerability.
Adobe released a patch for the vulnerability - which affects Acrobat, Reader and Flash - last month.