Sophos sounds alarm over Apple iTunes malware scam

Music cloud

PC users are being duped by a new type of malware that uses a fake Apple iTunes credit card charge to steal money from their bank accounts.

Security vendor Sophos is warning people to be on their guard against the scam, which typically starts with computer users receiving a malicious email informing them of a $699.99 Apple iTunes credit card charge.

"At first glance, recipients may find the malicious emails quite realistic as they use Apple's logos and formatting to appear like a genuine emailed receipt from the company," said Sophos in a statement.

Users' computers can be infected by malware that logs keystrokes and compromise bank accounts.

When users click on one of the links contained in the email, they are taken to a web page purporting to belong to the IRS, which houses a Blackhole malware kit.

This is typically used to exploit vulnerabilities in Java, Adobe Reader and Adobe Flash Player, Sophos warns, which can lead to systems getting infected by a Zeus/Zbot Trojan.

However, if none of the exploits work, users are instructed to download a more recent version of their web browser, which contains a copy of the Zeus banking Trojan.

"The end result is that users' Windows computers are infected by malware that can log keystrokes and compromise bank accounts," said Sophos.

Graham Cluley, senior technology consultant at Sophos, said users should always treat links in unsolicited emails with caution.

"Instead, users should go to the website of the company in question, or call the number on the back of your card or billing statement to find out the truth," he advised.

"This is especially important at this time of year, as we typically see increased criminal activity during the Christmas season," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.