Malware Spreaders Use Fake $50 iTunes Certificates, Sophos Warns

Article by George Norman (Cybersecurity Editor)

on 11 May 2010

The people with malicious intent that lurk around the internet will use any means to get malware onto your computer. They will for example claim that a celebrity just died – they did this with Johnny Depp, Kanye West and Bill Cosby. The malware spreaders’ latest attempt to compromise your computer involves sending out fake $50 iTunes certificates announced Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions.

It all starts with the user receiving a spam email message that says the following:

Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <software@itunes.com>
Attached file: iTunes_certificate_997.zip

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.


The attached .zip file is not is not a $50 gift certificate, it is malware. If you receive an email that looks like the one above, simply delete it. Whatever you do, do not download the attached zip file. Senior Technology Consultant with Sophos, Graham Cluley explains why: “Running the attached malware can infect Windows computers. Clearly the hackers are hoping that in your excitement about receiving a $50 iTunes gift certificate that you will throw caution to the wind and open the attachment.“ Sophos detects the malware, contained inside the ZIP file, as Troj/BredoZp-AM and Mal/FakeAV-BW.”

Sophos’ warning has been confirmed by TrendMicro, company that specializes in providing network antivirus and internet content security software. TrendMicro detects the attached malware as TROJ_SASFIS.HN.

“If executed, TROJ_SASFIS.HN drops the pgsb.lto (aka TROJ_DLOADR.SMVE) onto the system. This Trojan connects to websites to obtain instructions, which may include another URL wherein an updated copy of itself or another malware can be downloaded,” explained Anti-spam Research Engineer with TrendMicro, Merianne Polintan.


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all