Thanksgiving menaced by virus-laden fake iTunes vouchers
Malware-hunters finger scam
Customer Success Testimonial: Recovery is Everything
Supposed iTunes gift certificates doing the rounds in the run-up to Thanksgiving are actually loaded with malware.
Spoofed emails purportedly offering $50 vouchers for the iTunes Store, which arrive with email subject lines such as "iTunes Gift Certificate", come with an attachment supposedly containing a certificate code. In reality, these zip file attachments are infected with the Windows PC-compatible malware, detected by Sophos as BredoZp-B and first spotted by German infosec group eleven-security*.
The scam - illustrated with screenshots and explained in more depth by net security firm Sophos here - is likely to be repeated by similar scams in the run up to Christmas, at least if previous years are anything to go by. ®
Bootnote
* We'd like to think eleven-security employed someone called Nigel Tufnel as a spokesman but this is probably just a Spinal Tap-inspired flight of fancy on our part.
COMMENTS
PEBKAC
If you run ANY OS as admin and run attachments from anybody? Well enjoy your malware. Since switching my customers over to Windows 7 I haven't seen a bit of malware, zip zero none. In fact since Vista there was only one bonehead customer who after I told him flat footed "There is NO Limewire anymore, that was shut down 2 years ago, anything that says its Limewire is malware!" promptly went home, downloaded "the new limewire" and when the AV did its job and put a screeching halt to the install he UNINSTALLED THE AV because it "wouldn't let me install my program" and then had the nerve to want me to fix it for free since "it got infected in a single day" Well duh, that's because you're an idiot!
If you want to know why Windows has the most bugs, see my customer above. if they want something they WILL install it, they'll ignore or even uninstall the AV if that is what it takes. i wonder how many geniuses uninstalled their AV because it wouldn't let them get at "my free iTunes gift card!" that they wanted?
@ the respected Microsoft trolls
>>Why do you think this malware might be triggered just by opening the body of the message ?
That was my guess, as I said there, and what is the vector according to you? You have any info and links, any other reason to write a whole article about it? So why is so much ado about email threats? What's the deal? Maybe as a pro-MS troll, you are more familiar with that? Just do not tell me that viruses are not vexing users with MS products any more. I just helped a friend to get rid a scareware she or her daughter picked up by visiting a a website. As a comparison, an old (maybe outdated) version of Ubuntu I helped install ( win XP broke irreversibly and wouldn't fix) has been running flawlessly for 3 years without any malware.
@eulampos
Why do you think this malware might be triggered just by opening the body of the message ? The article clearly says the payload it attached as an archive.
I appreciate that you are an obvious anti-MS troll, but the last MS email client that would execute script in a preview window was probably outlook express 5.

IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything