Fake iTunes Email Alerts Lead Users to Drive-by Malware Download

A wave of fake iTunes e-mails falsely alerting recipients that their accounts face suspension directs them to a Web page that tries to install malware on their computers. The rogue e-mails are crafted to appear as if they originate from a contact@itunes(dot)com address and bear the subject “iTunes account may be suspended.”

This sounds like a phishing scam, but the general manager of the security software division at GFI said the intention of the attackers is to silently infect users. The cyber criminals behind the e-mails even try to earn people’s trust by noting in the message that “iTunes will never ask you for your password or any confidential information.” Satisfied that this is probably not a phishing attack, users might click on the link to see additional information.

If they do, they are taken to a page mimicking an Apple support article entitled “How to report an issue with Your iTunes Store purchase.” The site might look benign, but in the background it loads scripts that try to exploit vulnerabilities in outdated versions of Flash Player, Java, and even unpatched Windows installations, to download and install malware.
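A simple mail-gateway triage check for the lure described above, added here as an example (not code from the original article or from GFI): it flags messages whose sender claims an iTunes/Apple address and whose subject matches the suspension lure but whose links lead off the Apple/iTunes domains. The trusted-domain list, the subject phrases and the sample message are all assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: domains a genuine iTunes notice would link to.
TRUSTED_LINK_DOMAINS = ("apple.com", "itunes.com")
# Subject fragments used by the suspension lure (assumed for this example).
LURE_SUBJECTS = ("account may be suspended", "account has been suspended")

# Constructed sample message resembling the campaign; not a real e-mail.
SAMPLE_EMAIL = """From: iTunes <contact@itunes.com>
To: user@example.net
Subject: iTunes account may be suspended
Content-Type: text/html

<p>iTunes will never ask you for your password or any confidential information.</p>
<p><a href="http://support-apple.lure-example.test/itunes-issue">How to report an issue with Your iTunes Store purchase</a></p>
"""

def _host_is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)

def triage_itunes_lure(raw):
    """Return the list of reasons a message looks like the iTunes suspension lure (empty if clean)."""
    msg = message_from_string(raw)
    reasons = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    subject = msg.get("Subject", "").lower()
    # Collect text/html and text/plain parts so single-part and multipart mail both work.
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True)
            if payload:
                body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    if any(phrase in subject for phrase in LURE_SUBJECTS):
        reasons.append("subject matches account-suspension lure")
    # A sender that claims Apple/iTunes but links elsewhere is the core red flag.
    for link in re.findall(r'href=["\'](https?://[^"\']+)', body, flags=re.I):
        host = urlparse(link).hostname or ""
        if sender_domain in TRUSTED_LINK_DOMAINS and not _host_is_trusted(host):
            reasons.append("sender claims %s but link goes to %s" % (sender_domain, host))
    return reasons
```

The check is a heuristic for mail-gateway quarantine or SOC triage; it does not inspect the landing page itself, which is where the exploit scripts run.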
