Criminals are targeting Google AdWords customers with phony emails requesting the victim download a 128-bit SSL certificate. A client received this version (there are quite a few variations):
From: Google Adwords account [mailto:email@example.com]
Sent: Monday, September 29, 2008 8:52 PM
To: <potential victim>
Subject: Google Adwords Alert
Attention GOOGLE ADWORDS Customers!
For certain services, such as our advertising programs, we request 128-bit SSL security information which we maintain in encrypted form on secure servers.
We take appropriate security measures to protect against unauthorized access to our unauthorized alteration, disclosure or destruction of data.
Please download latest SSL protection certificate
Unprotected browsers will not be able to Log in after September 30, 2008
Sincerely, Genaro Escobar.
2008 Google Adwords, Developing new services.
Unsuspecting victims who click on the “Read more” link are taken to a malicious website where their machine is infected with a keylogger rootkit. The URL of the site varies, but is similar to this one:
Of course, the actual domain the person arrives at isn’t google.com, but, in this case, mekefri.com.
A good rundown on this attack can be found at: Digital Certificate Spammer Goes for Google Adwords