The PDF itself does not appear to contain any known viruses, nor does it actually contain any actual information. It appears that the spammer or phisher is currently in an “experimenting” phase.

As with any email of this nature, please feel free to contact DecaTech for assitance before making any suspicious changes or responding to something like this online.

UPDATE: I’ve found out that the PDF does actually contain an embedded payload – DO NOT OPEN IT!

More info, from another forum I found this morning:

The PDF contains an embedded payload of two vbs scripts. The second of the two vbs scripts calls a fso.OpenTextFile and writes a stream from an array defined within the vbs file. The file game.exe is created and then called from the vbs.

The file c:\program files\Microsoft Common\svchost.exe is then created and the following regkey is added:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
“Debugger”=”C:\\Program Files\\Microsoft Common\\svchost.exe”

Subject: Attention – Mail Server Upgrade

Attention!

On October 30, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.yourdomain.com.secure.mail-admins.net/mail/id=717904896791-email@yourdomain.com-patch882.aspx

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Please note that this message is definitely NOT from DecaTech Solutions, and most likely contains malware that can harm your computer.

If you ever receive a message like this and question its intentions in any way – feel free to contact DecaTech Support and we’ll be happy to help.

Phishing as a type of online scam has been around for a few years. Unfortunately, the scammers have continued to get more sophisticated, making it tougher to determine when an email is real and when it is a phishing attempt.

Several clients have received email messages with subjects like “Please, renew your domain” and “Inaccurate whois information” or even the urgent sounding “Your domains will be deleted soon” that appear to be from Network Solutions or some other well known domain registrar. The From Address looks valid, the email appears to have a legitimate request, and the link in it appears to go directly to www.networksolutions.com.

Don’t be fooled!

In a phishing email, the scammer can easily use HTML to make a link appear to be valid when the link actually goes somewhere different. In most recent cases, the scammer simply adds “www.networksolutions.com” as a subdomain for their own domain so that “www.networksolutions.com.scammer123.com” shows *their* phishing page. On that page they make it look like you are logging into your Network Solutions account when they are actually capturing your account information so that they can use it against you.

One way to detect these phishing emails and their bogus links is to hover your mouse over the link before clicking.

The best way to avoid these phishing attempts is to not click on the links – type in the URL into your browser yourself. You can also forward a suspicous email about your domain to support @decatech.com and we’d be happy to help you diagnose the request.

DecaTech Solutions – Helping you Stay Safe Online