Wednesday, October 6, 2010

iTunes scam lies about charges to users' accounts, installs Zeus

Online shoppers face a number of financial risks when they purchase music online. A recent scam targeting Apple's iTunes takes advantage of this, tricking users into clicking on a link to the dangerous Zeus botnet by claiming their accounts were charged with an expensive, unauthorized transaction on the media site.

Security firm PandaLabs uncovered the attack, alerting iTunes users to avoid emails that claim affiliation with Apple's media provider. The scam sends emails to iTunes users with a fake receipt that shows expensive charges to their accounts with the site. The message also provides a link, telling users to click on it to find more information, especially if they are under the impression that they did not make the purchase. The link connects users to a malicious website that installs a fake PDF reader. This program downloads and installs multiple malicious files from a website based in Russia before redirecting the user to a website that installs the Zeus Trojan on their PCs.

The attack is particularly dangerous, as the Zeus Trojan has been used to steal a total of $70 million by harvesting banking and credit card information from consumers and businesses across the globe.

Security experts with PandaLabs pointed out the simplicity of this email spam attack. According to the firm's report, the fake receipt one of the users received in the email showed a total of $895.99 in charges, even though the unit price, subtotal and order total added up to a different amount than that.

Ironically, the same cyber criminals who can design an attack to steal millions of dollars with the Zeus Trojan are incapable of completing simple math in their spam emails.

However, even though the scam had a number of format flaws aside from the math mistakes, security experts explained that even the simplest scams can successfully steal financial information.

"The techniques used to trick victims continue to be so simple, but the design and content is so very well-orchestrated. It's very easy to fall into the trap," said Luis Corrons, technical director of PandaLabs.

The simplicity of the recent iTunes Zeus Trojan attack shows how malware attacks have begun taking advantage of internet users' concerns about their accounts. Fooling iTunes users into thinking their accounts were mysteriously charged hundreds or thousands of dollars through a simple email that links directly to a malicious website shows that cyber criminals expected their victims to naturally look for the easiest way to resolve the financial discrepancy. Corrons stresses that this scam can be easy to avoid in the future, as Apple rarely contacts its iTunes users via email.

"When using services such as iTunes, it is absolutely crucial that users never go to the website via email, but rather from the platform itself where they can verify their account status," he said.
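A defender-side check that turns the two tells in this story into code: the receipt whose line items do not add up to the stated total, and the "more information" link that leads away from the platform itself. This is an added example, not code from PandaLabs or from the article; the sample email text and the trusted-domain list are constructed assumptions.

```python
import re
from decimal import Decimal
from urllib.parse import urlparse

# Constructed sample, modelled on the fake receipt the article describes:
# the stated order total does not equal the sum of the line items, and the
# "review it here" link points at a domain that is not Apple's.
SAMPLE_EMAIL = """\
Your receipt No. 1234567 (constructed sample)
Item                         Qty   Unit Price   Total
Complete My Album: Greatest   1    $9.99        $9.99
Subtotal:                                       $9.99
Order Total:                                    $895.99
If you did not authorize this purchase, review it here:
http://receipt-review.example.net/itunes/verify
"""

# Assumption: a genuine receipt from the platform only links to this domain.
TRUSTED_DOMAINS = {"apple.com"}


def _money(s):
    """Parse '$1,234.56' into an exact Decimal (no float rounding)."""
    return Decimal(s.replace("$", "").replace(",", ""))


def check_receipt(text, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of findings that mark the message as a likely fake receipt."""
    findings = []
    # Line items end with "<qty>  $<unit price>  $<line total>".
    items = re.findall(r"\s(\d+)\s+\$([\d,]+\.\d{2})\s+\$([\d,]+\.\d{2})\s*$", text, re.M)
    computed = sum((Decimal(q) * _money(unit) for q, unit, _ in items), Decimal("0"))
    m = re.search(r"Order Total:\s*\$([\d,]+\.\d{2})", text)
    stated = _money(m.group(1)) if m else None
    if stated is not None and stated != computed:
        findings.append(f"total mismatch: stated {stated}, line items sum to {computed}")
    # Any link whose host is not the platform's own domain (or a subdomain) is flagged.
    for url in re.findall(r"https?://\S+", text):
        host = urlparse(url).hostname or ""
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            findings.append(f"untrusted link domain: {host}")
    return findings


if __name__ == "__main__":
    for finding in check_receipt(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```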

As new threats target the habits of online shoppers and their accounts, updating secure anti-malware software can safeguard financial information in case of any other deceptive scams.