
iTunes Store Spam Campaign

Oct 1

Right after the LinkedIn spam campaign, we saw a brand new spam campaign impersonating the iTunes Store.

The e-mail appears to come from the iTunes Store and is an exact copy of the official iTunes Store receipt e-mail.


From the email header:

From: iTunes Store
Subject: Your receipt #155562898256
Date: October 1, 2010 11:01:10 PM GMT+08:00
To: YourName
Delivered-To: your@email.address.com
Received: by 10.216.237.150 with SMTP id y22cs208673weq; Fri, 1 Oct 2010 07:04:49 -0700 (PDT)
Received: by 10.142.203.16 with SMTP id a16mr4707302wfg.213.1285941888137; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)
Received: from email.address.com ([0.0.0.0]) by mx.google.com with ESMTP id 13si2771198wfg.81.2010.10.01.07.04.46; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)
Received: from KVSCHALD (unknown [180.215.161.77]) by email.address.com (AntiSpam Platform) with ESMTP id 58C5ED8A2DC43D37 for ; Fri, 1 Oct 2010 22:04:25 +0800 (MYT)
Received: from badger1402.apple.com (badger1402.apple.com [17.254.6.185]) by mail.romanmfg.com with SMTP id A993453C8F8 for ; Fri, 1 Oct 2010 07:01:10 -0800
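
As an added illustration (not code from the original post), the Python below walks the Received chain shown above from newest to oldest and reports the client that actually handed the message to the recipient's mail path, along with the hops below it that cannot be verified. Treating mx.google.com and email.address.com as the trusted hosts is an assumption, as are the function names.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers copied from the message above, newest hop first.
RECEIVED = [
    "by 10.216.237.150 with SMTP id y22cs208673weq; Fri, 1 Oct 2010 07:04:49 -0700 (PDT)",
    "by 10.142.203.16 with SMTP id a16mr4707302wfg.213.1285941888137; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)",
    "from email.address.com ([0.0.0.0]) by mx.google.com with ESMTP id 13si2771198wfg.81.2010.10.01.07.04.46; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)",
    "from KVSCHALD (unknown [180.215.161.77]) by email.address.com (AntiSpam Platform) with ESMTP id 58C5ED8A2DC43D37 for ; Fri, 1 Oct 2010 22:04:25 +0800 (MYT)",
    "from badger1402.apple.com (badger1402.apple.com [17.254.6.185]) by mail.romanmfg.com with SMTP id A993453C8F8 for ; Fri, 1 Oct 2010 07:01:10 -0800",
]

# Optional "from HELO (rdns [ip])" clause, then the server that wrote the line.
HOP = re.compile(r"^(?:from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+)?by\s+(?P<by>\S+)")

def parse_hop(line):
    """Return helo/rdns/ip/by plus the hop timestamp (text after the last ';')."""
    hop = HOP.match(line).groupdict()
    hop["time"] = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
    return hop

def analyze(received, trusted_mtas):
    """Find the oldest hop written by a trusted MTA; hops below it are unverified."""
    hops = [parse_hop(h) for h in received]
    edge_idx = None
    for i, hop in enumerate(hops):
        if hop["helo"] is None:          # "by"-only hop: records no client
            continue
        if hop["by"] not in trusted_mtas:
            break                        # first hop we cannot vouch for
        edge_idx = i
    if edge_idx is None:
        return None
    edge, below = hops[edge_idx], hops[edge_idx + 1:]
    findings = []
    # Assumption: "unknown" in the rDNS slot means the reverse lookup failed.
    if edge["rdns"] in (None, "unknown"):
        findings.append("no reverse DNS for handoff client")
    for upper, lower in zip(hops[edge_idx:], below):
        if lower["by"] != upper["helo"]:   # a signal, not proof: names can differ
            findings.append(f"{lower['by']} does not chain to client {upper['helo']}")
        if lower["time"] > upper["time"]:
            findings.append(f"{lower['by']} stamped the mail after the next hop got it")
    return {"sender_ip": edge["ip"], "helo": edge["helo"], "findings": findings,
            "unverified": [(h["helo"], h["ip"]) for h in below]}

if __name__ == "__main__":
    print(analyze(RECEIVED, {"mx.google.com", "email.address.com"}))  # assumed trusted
```

On these headers the only sender address the recipient's side recorded itself is 180.215.161.77; the apple.com hostname appears only in the hop below that boundary.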

The whole purpose of the email is not to show what you have purchased from the iTunes Store, but to get you to click “Report a Problem”, which leads you to a fake Adobe Flash installer.

After clicking the URL, we will be able to see,

The exe file actually connects to a .ru web site to download other files.

##########.ru/bin/koethood.bin
www.#####.com/webhp
##########.ru/9xq/_gate.php
##########.ru/9xq/_gate.php
##########.ru/9xq/_gate.php

This is the malware report.


Comments

  1. PaulE says:

    We would like to report we have experienced the same issues that you have reported here: LinkedIn followed by iTunes.

  2. Ammar says:

    I did download this fake “flash player”, I scanned and did a system restore.

    Any suggestions how I can make sure that I do not have it?

  3. I think it is funny that the spammers try to lead Apple users to an Adobe Flash download.

    Either they are being ironical or maybe they are so silly not to be aware of the Steve Jobs war against Adobe Flash.

    The ever-amazing world of spammers…

  4. Ana says:

    I received the same spam

Trackbacks

  1. [...] be sure that it’s from them before you click any links.  Lately people have been getting spam that appears to be a legit bill from iTunes that will attempt to install a fake Flash player if you [...]

  2. [...] screenshot provided by PandaLabs shows a fake receipt for purchases made on Apple's multimedia store, with figures that are totally [...]

  3. [...] fraud shown in an image on the company's blog informs the victim of a purchase worth approximately US$ 900. The spammer's intention is that the [...]

  4. [...] new spam campaign sees the attackers using fake iTunes receipts to get into your computer. They send you an email set up to look just like a receipt email from Apple, showing that you made [...]
