Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 103 - June 2010 - Page 8

Pages in this month's issue:
  1. Image Showing a Kayak in the Mouth of a Whale
  2. Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
  3. Coca-Cola Online Promo Advance Fee Scam
  4. LeBleu Family Prayer Request Message
  5. Liquid Mountaineering Video - Walking on Water
  6. Cessna Citation Engines Damaged by Volcanic Ash Hoax
  7. Killer House Plant Warning
  8. iTunes Gift Certificate Trojan Email
  9. Russian K-7 Heavy Bomber Images
  10. Paypal New Message Phishing Scam
  11. Letter Z To Be Removed from the Alphabet Hoax
  12. Refugee Monthly Allowance From Australian Government Hoax
  13. FIFA 2010 World Cup Lottery Scam
  14. Audri King Prayer Request
  15. Distracting Beach Babes Facebook Malware Attack
  16. Michael Verster Missing Child Alert
  17. Kevin Carter Pulitzer Prize Photograph

Issue 103 Start Menu

Previous Article            Next Article

iTunes Gift Certificate Trojan Email

Outline
Email claims that the recipient has received an iTunes Gift Certificate worth $50.00 and instructs him or her to open an attached file to access a certificate code.



Brief Analysis
The email is not from iTunes and the claim that it contains an iTunes Gift Certificate is a lie designed to fool recipients into opening the attached file. Those who open the attachment may install an trojan that can give hackers access to their computers.

Bookmark and Share
Detailed analysis and references below example.



Scroll down to submit comments
Last updated: 10th May 2010
First published: 10th May 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Thank you for buying iTunes Gift Certificate!

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00 You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.




Detailed Analysis
This email purports to be an official message from the iTunes Store and claims that the recipient has been given an iTunes Gift Certificate to the value of $50. According to the message, the recipient can redeem the gift certificate and begin buying music and other items from the iTunes Store by using the certificate code supposedly contained in a file attached to the email.

However, the email is not from iTunes and the promise of a $50 gift certificate is simply the bait used to entice recipients into opening the email's attachment. A recipient who does open the attachment will certainly not find a certificate code. Instead, by clicking the attachment, he or she will inadvertently launch a malicious application that can install a trojan on his or her computer. Once installed, this trojan can then modify the Windows registry, potentially give hackers access to the infected computer by connecting to a remote server, and download and install even more malware components.

Internet criminals often use the lure of supposedly free gifts, products and services as a means of fooling victims into opening malicious attachments or websites. By offering what appears to be an unexpected gift, these criminals hope that their victims will fall for their traps by following instructions without due forethought. They further the illusion that their bogus messages are legitimate by using the names and methods of genuine organizations.

By attempting to mirror the distribution methods of the targeted company, malware distributors often manage to make their malicious message seem more genuine. Of course, the iTunes Store is certainly real and offers a perfectly legitimate method of buying music and other items online. Moreover, iTunes users can indeed buy iTunes Gift Certificates for their friends or family members. And the person receiving the gift may well be sent an email notifying them that they have been given a certificate. However, such notification messages are likely to include the name of the sender along with a personal message and will not hide the certificate code in a separate email attachment.

Bookmark and Share

References
Threat Outbreak Alert: Fake iTunes Gift Certificate E-mail Messages
“Thank you for buying iTunes Gift Certificate!” email contains trojan

Previous Article            Next Article

Issue 103 Start Menu

Pages in this month's issue:
  1. Image Showing a Kayak in the Mouth of a Whale
  2. Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
  3. Coca-Cola Online Promo Advance Fee Scam
  4. LeBleu Family Prayer Request Message
  5. Liquid Mountaineering Video - Walking on Water
  6. Cessna Citation Engines Damaged by Volcanic Ash Hoax
  7. Killer House Plant Warning
  8. iTunes Gift Certificate Trojan Email
  9. Russian K-7 Heavy Bomber Images
  10. Paypal New Message Phishing Scam
  11. Letter Z To Be Removed from the Alphabet Hoax
  12. Refugee Monthly Allowance From Australian Government Hoax
  13. FIFA 2010 World Cup Lottery Scam
  14. Audri King Prayer Request
  15. Distracting Beach Babes Facebook Malware Attack
  16. Michael Verster Missing Child Alert
  17. Kevin Carter Pulitzer Prize Photograph