I received an email from iTunes late last night claiming that I have received an iTunes Gift Certificate worth $50.00. The email instructed me to open an attached file to access a certificate code. Do not open this attachment!
I opened the attachment on my test machine to see what it was. My security tools identified the Trojan immediately.
The email is a hoax and it doesn’t contain any iTunes Gift Certificate. The criminals behind the email are trying to fool recipients into opening the attached file. Those who open the attachment will install a malicious Trojan that can give hackers access to their computers.
Example email:
Subject: Thank you for buying iTunes Gift Certificate!
Hello!
You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in attachment below.
Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
iTunes Store.
If you open the attachment you will not find a certificate code. Unfortunately, many users will take the bait and open the attachment. Once the attachment is opened he or she will inadvertently launch a malicious application that can install a Trojan. Once installed, this Trojan can then modify the Windows registry, potentially give hackers access to the infected computer by connecting to a remote server, and download and install even more Malware components.
E-mail messages that are related to this threat may contain the following files:
iTunes_certificate_197.zip
iTunes_certificate_147.exe
This tactic is often used to lure victims in believing they won something or they’re receiving a free gift. Internet Criminals will use logos and other content from the legitimate site in hopes that their victims will fall for the bait.
Hackers are now taking advantage of people’s weakness for free things.
Just got the email as well.
Gift_Certificate_651.zip
Colby,
I hope you deleted it! :)
Just received two of these!
I hate these people!
Can I send it to a spoof@ email address?
Esther,
I would not reply to the spoof email or your email may find its way on other spam lists.
I got this one today but it contained the following file;
Gift_Certificate_131.zip
Some people are going to get caught out by this one I think, not because they are stupid but because people see FREE and $50 and think WOW!
Reply address gives it away though, mine was reply to enticings7@AtlanticDevelopmentGroup.com and was sent from account@itunes.com
Jarrod,
Nice catch and I agree with you as some people will get fooled with this scam.
I just got the same email, the criminals are good, when you click on reply it shows the email address as iTunes On
online.shop@itunes.com
They’re getting smarter, because us users are getting smarter.
I just received that email and it just didn’t ring true, so I googled it and sure enough….and yes a lot of folks will get fooled.
I just received one and thought it looked suspicious so scanned it – but Microsoft Security Essentials said it was OK! Just as well I Googled it ….
Kim,
Good move to take it one step further!
I just got one of these emails too. Did not open the file. I emailed the supposed reply address (not itunes even though they made it look like Itunes had sent it), and the email came back as undeliverable.
Tried seeing if itunes had an address to forward the scam to, but I couldn’t find one. You’d think they’d want to be on this one.
You have to look at the file itself, if the file is a .zip and when you double click on that file you see .exe that is a red flag, and tells you right away it’s a virus. Because exe means executable, it’s a program. Nobody would ever send you an exe file, it would be a .doc or .pdf or whatever. I also see this scam in the form of UPS telling me they lost my package. If you happen to open a file like this, go and search google for a program called maleware bytes, it’s a free program that will clear your computer of this type of trojan virus.
Scott,
Thanks for the share. I always appreciate people helping people!
Mine came from accordionsi37@intranet.asia, but the reply to is certificate.support@itunes.com
$50 worth of free music would have been nice, though.
beni,
It would be nice, but some things free, cost more than you think.
This is a bit more than “bait and switch” ;-) The use of Social Engineering to trick people into clicking on things they shouldn’t continues to rise.
Interesting that Microsoft Security Essentials did not catch this. I’m not sure how often MS Essentials updates.
Once again proves the old saying, “If it seems too good to be real it probably is.”
Mike,
Amen brother! The hoax here is that people love free stuff and that’s the bait.
They are clever but don’t offer me $50 when my store deals in £’s.
What – Apple give $50 for free? DEFINITELY a hoax!!!!! I received one of these too!!!!!!
jamiih,
Good catch and way to be cautious!
Wrote a German Blog entry about this topic.
Have a look at: http://www.henning-uhle.eu/informatik/vorsicht-vor-itunes-geschenken
Best wishes,
Henning Uhle
Hi, I got this e-mail yesterday and I immediately became suspicious when I saw it was a $50 gift voucher (plus the e-mail adresses looked strange), if the e-mail said it was a $5 voucher I could have fallen for it as I have bought a lot of music from iTunes recently and would have thought i was being sent a loyalty card type voucher.
I’m glad I found this page after doing my google and know now I was right to be suspicious.
Kellie,
I am glad you didn’t fall for this scam. Thanks for commenting and hope to see more!
I received a couple of these a little while ago, and the scary thing is that neither Forefront for MS Exchange on the server, or AVG on the client detected this as malware. On the client I even extracted the .exe file and manually scanned it after manually updating my virus definitions to make sure that they were current, and AVG still didn’t flag either the .zip file or the extracted .exe file as malware. That’s not good.
Hi! I just received this email today and was quite curious what it was. I was scared to open it so I googled “hoax email Thank you for buying iTunes Gift Certificate!” and came to this site. I have just deleted it. Thanks for the information!
Maria,
I am happy you found us in search before opening up that hoax email. WTG!
Received below mail, msbai@planet.tn isn’t my mail add, have scanned attached file with my old antivirus and no infection detected but I have deleted the message and file.
* * * * *
iTunes Products”
Sujet: [SPAM] Thank you for buying iTunes Gift Certificate!
Date: Fri, 28 May 2010 11:03:26 +0900
A:
Hello!
You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below. Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
iTunes Store.
Attached: Gift_Certificate_151.zip (53Kbytes)
* * * * *
All the best / Maan
Maan,
Good catch and glad you deleted the email.
Thanks for this! I recieved this email and googled it right away.
The attachment was:
Gift_Certificate_251.zip
Jess,
I see everyone commenting did the right thing and checked further to see if this was real or not.
I was suspicious because it came to an email address that I use for my business, which is not the email address I use for my apple account. This really concerns me because this email address is on our own secured server, not like a public address like msn.com or yahoo.com.
I bit. I’d just ordered a bunch of stuff on itunes and, stupid me, thought I was the recipient of a random reward. I’m Mac OS. Should I be concerned? Everything I’ve read seems to indicate the trojan is as usual a windows thing.
Should us mac folk be concerned?
Mark,
Mac folks will should be cautious regardless of how exposed Windows has been.
Thanks Frank,
I’ve got no kind of malware for mac. Is there anything I should purchase to search and expunge? Or am I doomed to wait to see if my bank accounts start draining?
Mark,
Just be cautious when receiving unsolicited email.
Frank,
just to clarify and close loop here, you don’t think there is any software available to search and expunge this for mac? Excuse the persistence.
Mark,
It’s mostly email related so no to your question and just use your eyes on this one.
Thanks for putting this up! I got notice of this from a coworker and googled so that I could inform my friends and family. A lot of us our itunes subscribers and would have fallen for this. I’m really good about not opening suspect attachments, but I might have fallen for this thinking it was a birthday gift from an extended family member, since my birthday is coming up. Glad folks are looking out for each other!
Jenni,
I am so happy that we can identify and notify our readers. Thank you and hope you visit again!
Thank you so much for posting this! I got a similar email and kind of figured it was a scam….
Heidi,
You are very welcome and I am glad you found the article from search.
Hi there,
I received this twice and the reply to address on mine is:
giantfkb@newreference.com
You said it right when you say the criminals are getting smarter because we are getting smarter!