Malware on iTunes Gift Certificate Email Notices

May 9, 2010 | By | 5 Replies More

Reading time: 2 – 4 minutes

I haven’t bought any gift certificate from iTunes ever so I was fascinated when I came to read an email allegedly coming from iTunes informing me of a purchase for $50 worth of iTunes gift certificate.

It was strange because the email was sent to my personal ISP email address via Outlook Express which I rarely even use for more than two years. The email came from “iTunes Store” (online.services@itunes.com) which looks quite believable because of the itunes.com domain.

The email reads,

“Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store”

The email is really very informal so it’s fishy in other words (see attached screenshot of the email below).

Malware on iTunes Gift Certificate Email Notice

Again, my curiosity hits me so I tried to download the attachments but it was blocked by my Win XP2 OS so I didn’t pursue with the idea.

“Windows normally blocks suspicious emails if your program is running in a strong security mode.”

Most files that contain script or code that could run without your permission will be blocked e.g., files with extensions ending in .exe, .bat, and .js.

The attached file on the email is in .zip format so it’s likely that the hidden file which could be an executable (as most malware does) was compressed into a zip file for easier distribution.

Windows Security Warning

It’s good however that Windows was able to detect the malicious file before it was even downloaded since in Yahoo as I’ve experienced before, although they scan the attachment prior to download using Norton, my post about a Facebook password reset email confirmation containing malware as attached file was not detected until after a few days.

Another lesson learned so far. Always check the veracity of an email before downloading any attachment and if found suspicious, delete them right away. End of story.

Got something similar to share? Let’s talk about it in the comments section.

Tags: , , ,

Category: security-privacy

Comments (5)

Trackback URL | Comments RSS Feed

  1. My good luck is, I maintain all my account(including pop up) via gmail and gmail always secure me from this type of email. They have a great spam blocking system and also allow me to access my email from anywhere.
    .-= Arafat Hossain Piyada´s last blog ..9 Excellent hack you should try on your WordPress blog =-.

  2. Mathdelane says:

    This is the first time I got an email like this from my ISP email address. Spam sometimes gets through our ISPs security systems. I should say that it’s inevitable. It’s up for us to take caution. Gmail is good thou as a free mail service but it’s different from my ISP email account (as mentioned above) which is included in their free service.

  3. Ha ha… I knew it. The moment I saw the matter of this discussion early on, I knew you can’t help but try to do what I myself would be scared to even think of trying…attempt to download the attachment. LOL. I admit being disappointed when you stopped after the first block by the OS. I thought you would push your luck further. 🙂

    Me? I have now a phobia for these kinds of things. Yes, I now check the veracity of the email and its sender. Anything even slightly suspicious gets deleted pronto.
    .-= James Moralde´s last blog ..First Computerized Election: Quicker Poll Results =-.

  4. Mathdelane says:

    I just thought that following some warnings would save me from hassles especially that I’m into something for the past few days so I can’t afford using my PC for an experiment.

    Yes, I could have downloaded it and see what it’s like but not for the time being. 😉

  5. Zack says:

    I hate how much malware is spreading through the web. I’ve picked up nasty viruses form StumbleUpon and from blogs. It’s just not cool.

Leave a Reply