Black Friday iTunes infected credit malware alert

Apple iPhone Security experts say the infected email offers users credit for iTunes music, games and video

Related Stories

Criminals are targeting internet users with a new gift certificate scam, according to security experts.

Users receive an email that claims to be from Apple's iTunes store, warns the Eleven security blog.

The ZIP file attached contains malware that may allow hackers to gain access to the recipient's computer.

The blog says the attack appears to have been timed to coincide with Black Friday, one of the US's busiest shopping days.

Black Friday was the name used by Philadelphia's police department in the 1960s to describe the day after Thanksgiving because of all the traffic jams caused by people visiting the city's stores.

It is now viewed by many retailers as the start of the Christmas shopping season. They mark the day with one-off discounts and other special offers.

Eleven says the period has become one of the most popular times for internet scammers to target users.

Infected offer

The security firm says that users are told they have been sent $50 (£32) of iTunes store credit and need to open an attached file to find out their certificate code.

The file contains a program known as Mal/BredoZp-B.

PCthreat.com says the software opens up a backdoor on Windows users' computers and may also capture passwords and other information.

It says the code may also slow down the infected computer's performance and make files disappear.

The malware can be removed with the use of anti-spyware tools.

Facebook phishing

Security adviser Sophos warns of a separate threat linked to Facebook.

It says users are receiving emails claiming that they have violated the social network's policy regulations by annoying or insulting other members.

An attached link take users to a web page that presents them with a fake "Facebook Account Disabled" form.

The firm says that members are then asked to fill in a series of forms requesting their login details, country of residence and the first six digits of their credit card number.

If the users refuse they are told their account will be blocked automatically.

"New day, new attempt," writes Sophos's security writer Lisa Vaas on the company's blog.

"All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

Elsewhere on the BBC

  • StuntmanStuntman to the stars

    Driving dangerously and falling off buildings are all part of the day job for Bobby Holland Hanton

Programmes

  • The smartphones of shoppers being tracked in a storeClick Watch

    How free wi-fi can enable businesses to track our movements and learn more about us

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.