Black Friday iTunes infected credit malware alert

Apple iPhone Security experts say the infected email offers users credit for iTunes music, games and video

Related Stories

Criminals are targeting internet users with a new gift certificate scam, according to security experts.

Users receive an email that claims to be from Apple's iTunes store, warns the Eleven security blog.

The ZIP file attached contains malware that may allow hackers to gain access to the recipient's computer.

The blog says the attack appears to have been timed to coincide with Black Friday, one of the US's busiest shopping days.

Black Friday was the name used by Philadelphia's police department in the 1960s to describe the day after Thanksgiving because of all the traffic jams caused by people visiting the city's stores.

It is now viewed by many retailers as the start of the Christmas shopping season. They mark the day with one-off discounts and other special offers.

Eleven says the period has become one of the most popular times for internet scammers to target users.

Infected offer

The security firm says that users are told they have been sent $50 (£32) of iTunes store credit and need to open an attached file to find out their certificate code.

The file contains a program known as Mal/BredoZp-B. says the software opens up a backdoor on Windows users' computers and may also capture passwords and other information.

It says the code may also slow down the infected computer's performance and make files disappear.

The malware can be removed with the use of anti-spyware tools.

Facebook phishing

Security adviser Sophos warns of a separate threat linked to Facebook.

It says users are receiving emails claiming that they have violated the social network's policy regulations by annoying or insulting other members.

An attached link take users to a web page that presents them with a fake "Facebook Account Disabled" form.

The firm says that members are then asked to fill in a series of forms requesting their login details, country of residence and the first six digits of their credit card number.

If the users refuse they are told their account will be blocked automatically.

"New day, new attempt," writes Sophos's security writer Lisa Vaas on the company's blog.

"All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories


Features & Analysis

  • Signposts showing the US and UK flagsAn ocean apart

    How British misunderstanding of the US is growing

  • Before and after shotsPerfect body

    Just how reliable are 'before and after' photos?

  • Hillary Clinton frowns.Something to hide?

    Hillary's private emails threaten her air of inevitability

  • Mukesh SinghNo remorse

    Delhi bus rapist says victim shouldn't have fought back

Elsewhere on the BBC


  • Former al-Qaeda double agent Aimen DeanHARDtalk Watch

    Islamic State is about revenge says former al-Qaeda member turned spy Aimen Dean

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.