Supposed iTunes gift certificates doing the rounds in the run-up to Thanksgiving are actually loaded with malware.

Spoofed emails purportedly offering $50 vouchers for the iTunes Store, which arrive with email subject lines such as "iTunes Gift Certificate", come with an attachment supposedly containing a certificate code. In reality, these zip file attachments are infected with the Windows PC-compatible malware, detected by Sophos as BredoZp-B and first spotted by German infosec group eleven-security*.

The scam - illustrated with screenshots and explained in more depth by net security firm Sophos here - is likely to be repeated by similar scams in the run up to Christmas, at least if previous years are anything to go by. ®

Bootnote

* We'd like to think eleven-security employed someone called Nigel Tufnel as a spokesman but this is probably just a Spinal Tap-inspired flight of fancy on our part.

Related stories

• Cops cuff premium-rate SMS Android malware suspects (28 February 2012)
• Open ... and Shut Beware the software security scare silly season (25 November 2011)
• Cyber-cop Trojan used iTunes flaw to spy on crims (22 November 2011)
• Apple plugs iTunes Ghost Click hole (17 November 2011)
• iTunes gifting scam plunges Reg reader into the red (25 January 2011)