This morning I stumbled across what seems to be a new malware-spreading technique: A fake updates for Google Chrome and a fake "media player" update that is designed to look like it's coming from Adobe.
Both updates are digitally signed by valid VeriSign code signing certificates. This is not unprecedented, but it's highly unusual for malware authors to use an expensive provider like VeriSign. VeriSign Authentication Services
are now part of Symantec.
The fake Chrome update uses a logo similar to Chrome's, but obviously distinguishable from it. The page correctly identifies the version of Chrome I was running (the current version) and then says that it "may be outdated".