Danger! Fake $50 iTunes certificate carries malware

Filed Under: Apple, Malware, Spam

Amid all the usual attacks posing as delivery notices from DHL and FedEx this morning, I spotted some malware that had been spammed out posing as an Apple iTunes certificate for $50.

iTunes malware

The emails read as follows:

Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <software@itunes.com>
Attached file: iTunes_certificate_997.zip

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

Running the attached malware can infect Windows computers. Clearly the hackers are hoping that in your excitement about receiving a $50 iTunes gift certificate that you will throw caution to the wind and open the attachment.

Sophos detects the malware, contained inside a ZIP file, as Troj/BredoZp-AM and Mal/FakeAV-BW.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.