iTunes Store Spam Campaign

Right after LinkedIn Spam Campaign, we saw a brand new Spam Campaign impersonating iTunes Store

The e-mail appears to arrive from on behalf of iTunes Store and is an exact copy of the official iTunes Store Receipt e-mail.

itune

From the email header,

From: iTunes Store
Subject: Your receipt #155562898256
Date: October 1, 2010 11:01:10 PM GMT+08:00
To: YourName
Delivered-To: your@email.address.com
Received: by 10.216.237.150 with SMTP id y22cs208673weq; Fri, 1 Oct 2010 07:04:49 -0700 (PDT)
Received: by 10.142.203.16 with SMTP id a16mr4707302wfg.213.1285941888137; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)
Received: from email.address.com ([0.0.0.0]) by mx.google.com with ESMTP id 13si2771198wfg.81.2010.10.01.07.04.46; Fri, 01 Oct 2010 07:04:48 -0700 (PDT)
Received: from KVSCHALD (unknown [180.215.161.77]) by email.address.com (AntiSpam Platform) with ESMTP id 58C5ED8A2DC43D37 for ; Fri, 1 Oct 2010 22:04:25 +0800 (MYT)
Received: from badger1402.apple.com (badger1402.apple.com [17.254.6.185]) by mail.romanmfg.com with SMTP id A993453C8F8 for ; Fri, 1 Oct 2010 07:01:10 -0800

The whole purpose of the email is not to show what you have purchase from iTune Store, is to let you to click “Report a Problem” and lead you to a fake Adobe Flash installer.

After clicking the URL, we will be able to see,

The exe file is actually connecting to some .ru web site to download some other files.

##########.ru/bin/koethood.bin
www.#####.com/webhp
##########.ru/9xq/_gate.php
##########.ru/9xq/_gate.php
##########.ru/9xq/_gate.php

This is the malware report.

Related News

10 Responses

Leave a Reply
  1. PaulE
    Oct 01, 2010 - 04:40 PM

    We would like to report we have experieienced the same issues that you have reported here LinkedIn followed by Itunes.

    Reply
  2. Ammar
    Oct 01, 2010 - 05:55 PM

    I did download this fake “flash player”, i scaned and did a system restore.

    any suggestions how i can make sure that i do not have it..

    Reply
  3. FunnySpammers
    Oct 04, 2010 - 04:38 PM

    I think it is funny that the spammers try to lead Apple users to an Adobe Flash download.

    Either they are being ironical or may be they are so silly not to be aware of the Steve Jobs war against Adoble Flash.

    The ever-amazing world of spammers…

    Reply
  4. Ana
    Nov 28, 2010 - 09:30 PM

    I received the same spam

    Reply

Trackbacks/Pingbacks

  1. More Spam Targeting iTunes | Apple iProblems | News on iPhone, iPod, iTunes, iPad & iMac
  2. Massive phishing attack uses iTunes as a lure to steal bank details | Press Panda Security
  3. Attenzione alle ricevute di iTunes, ve le possono suonare | setteB.IT
  4. Malware finge ser relatório de compra da iTunes Store « Defesa Digital – tudo para você saber qual antivirus usar
  5. New Spam Emails Fake iTunes Receipts | iPhoneBizBlog
  6. | IT Blog @ LFE | iTunes Store Spam Campaign |

Leave a Reply

Your email address will not be published. Required fields are marked *

COPYRIGHT 2014 PANDA SECURITY