Apple overcharge fake mail conceals malware attack

Sophos: 26 November, 2012 (Technical Article)
A Blackhole-based malware attack is being delivered using a fake e-mail containing a receipt for a large charge from iTunes
IT security and data protection firm Sophos has revealed a new malware attack that is designed to steal money from computer users' bank accounts while posing as a $699.99 credit card charge from Apple iTunes.

At first glance, recipients may find the malicious emails quite realistic as they use Apple's logos and formatting to appear like a genuine emailed receipt from the company.

Users concerned about the unexpected charge are likely to click on one of the links contained in the email. They are then taken to an unrelated webpage purporting to be the IRS, which silently uses the notorious Blackhole malware kit to exploit known vulnerabilities in Java, Adobe Flash Player and Adobe Reader.

If any of these exploits succeeds, the computer is infected with the Zeus/ZBot Trojan. Worse still, if none of the exploits work, visitors are told to download a more "up to date" version of their browser, which contains a copy of the Zeus banking Trojan horse.

The end result is that users' Windows computers are infected by malware that can log keystrokes and compromise bank accounts.

“It is always a bad idea to click on links in unsolicited emails without thinking, but we may be more likely to do so when we think we are being charged a hefty amount of money for a product we haven't ordered,” said Graham Cluley, senior technology consultant at Sophos. “Don’t do it. Instead, users should go to the website of the company in question, or call the number on the back of your card or billing statement to find out the truth.”

"This is especially important advice at this time of year, as we typically see increased criminal activity during the Christmas season. Be on your guard," continued Cluley.
