Thursday, October 7, 2010

Fake iTunes Bill Can Drain Your Bank Account

The following article is from Eastman's Online Genealogy Newsletter and is copyright by Richard W. Eastman. It is re-published here with the permission of the author. Information about the newsletter is available at 

I received one of these email messages a few days ago. Luckily, Gmail placed it in my spam folder so I didn't see it until today when I went looking for it. You have to hand it to these scam artists: they certainly are clever at devising methods of stealing your money.

I wrote a couple of days ago at about a "trojan" email message that steals your user IDs and passwords to your online banking account. This new scam is a different Trojan message with a very clever delivery method.

The new scam sends a fake "iTunes receipt" email message to millions of people. The message appears to be completely authentic, except for the price shown in your bill. The message I received was for nearly $1,000. That's part of the trap.

Most people are likely to take action when seeing an "incorrect amount" appear on their bill. (I didn't do that because I never saw the "bill" in my spam folder until I went looking for it later, after reading about the new scam.)  Most people will click on the "report a problem" link that is included in the email message. However, that link takes you to a rogue web page that downloads the same Zeus trojan malware as described in the earlier article to your Windows computer. (Linux and Macintosh computers will not be affected.)

The program then waits for the user to log onto a list of targeted banks and financial institutions, and then steals login credentials and other data which are immediately sent to a remote server hosted by cybercriminals. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.

Panda Labs released a statement explaining the infection process:
"After clicking the link, the victim is asked to download a fake PDF reader. Once installation is complete, the user is redirected to an infected web page containing the Zeus Trojan, which is specifically designed to steal personal data."
Here is the full announcement from Panda Labs:
Massive Phishing Attack Uses iTunes as Lure to Steal Bank Details, Reports PandaLabs

ORLANDO, Fla., Oct. 4 -- PandaLabs, Panda Security's antimalware laboratory, has discovered that Apple's popular iTunes platform has become a major target for hackers looking to steal credit card data from the service's millions of users. 

Victims receive a cleverly-crafted email informing them that they have made an expensive purchase on iTunes. The user, having never made the purchase to begin with, is concerned by the email and naturally tries to resolve the problem – in this case by clicking on the proffered (fake) link. An example of this fraudulent iTunes receipt can be seen here:

After clicking the link, the victim is asked to download a fake PDF reader. Once installation is complete, the user is redirected to an infected Web page containing the Zeus Trojan, which is specifically designed to steal personal data. This phishing attack was uncovered shortly after a similar phishing attack targeting LinkedIn users appeared last week, which appears to have originated in Russia.

"Phishing is nothing new," said Luis Corrons, Technical Director of PandaLabs. "What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, but the design and content is so very well-orchestrated. It's very easy to fall into the trap. When using services such as iTunes, it is absolutely crucial that users never go to the website via email, but rather from the platform itself where they can verify their account status." 

This technique has been reported to the Anti-Phishing Working Group, which has started to block some of the Web addresses linked to in the fake email. 

PandaLabs advises all users to be wary of any emails related to iTunes, regardless of how genuine they seem. Users who think they may have been affected are urged to scan their computers thoroughly to locate and remove any possible active threats. [Windows] Users who do not have an antivirus installed can use Panda Cloud Antivirus, a free security service available at

More information is available in the PandaLabs Blog.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog:

Community News You Can Use
Click to read MORE news:
Twitter: @gafrontpage & @TheGATable @HookedonHistory
Twitter: @artsacrossga, @softnblue, @RimbomboAAG
Twitter: @FayetteFP

No comments: