Original URL: http://www.theregister.co.uk/2011/11/24/fake_itunes_gift_cert_malware/

Thanksgiving menaced by virus-laden fake iTunes vouchers

Malware-hunters finger scam

By John Leyden

Posted in Security, 24th November 2011 14:31 GMT

Supposed iTunes gift certificates doing the rounds in the run-up to Thanksgiving are actually loaded with malware.

Spoofed emails purportedly offering $50 vouchers for the iTunes Store, which arrive with email subject lines such as "iTunes Gift Certificate", come with an attachment supposedly containing a certificate code. In reality, these zip file attachments are infected with the Windows PC-compatible malware, detected by Sophos as BredoZp-B and first spotted by German infosec group eleven-security*.

The scam - illustrated with screenshots and explained in more depth by net security firm Sophos here - is likely to be repeated by similar scams in the run up to Christmas, at least if previous years are anything to go by. ®

Bootnote

* We'd like to think eleven-security employed someone called Nigel Tufnel as a spokesman but this is probably just a Spinal Tap-inspired flight of fancy on our part.