How to Detect Authentication Bypass Violations

Remko's Rad is mallered that Brad found this week in an email attachment. It started out as so often with an email that included a link to a PDF. The interesting part here is that the link went to acrobat.adobe.com. This is a legitimate Adobe URL, but it's used for acrobat users to publish documents. All the communication happens to be if I saw this right over HTTPS.