Malware targets Windows users

An email scam is exploiting Black Friday shoppers interested in picking up iTunes gift cards, says German site Eleven Security. The message uses the subject line "iTunes Gift Certificate," and has has an attached file listed as "Gift_Certificate_iT9581.zip". A simple body of text promises that the attachment contains a "certificate code" which can be redeemed for $50 in credit toward "video, music, games" at the iTunes Store.

In reality the ZIP file contains executables with malware directed at Windows users. If installed, the code then contacts a remote server and waits for further instructions, although the exact intention of the software's authors is unclear. Evidence that the emails are targeting American Thanksgiving shoppers is said to include timing, choice of language, and the fact that half of the emails sent are coming from US addresses.

The scam should be easy to identify. The email sender is listed as "official@itunes.apple.com," an address Apple never uses. The company also never sends plain-text messages, or redeemable codes buried in other files. The text is poorly written, for example using inconsistent spellings of iTunes.

by MacNN Staff