Fake iTunes e-mail leads to drive-by download

E-mails purportedly coming from iTunes and bearing “iTunes account may be suspended” in the subject line have been hitting inboxes in the last few days.

“Dear iTunes Customer, it is possible that your account password has been stolen. 4 different IP addresses have been used to login to your account within the last 24 hours. Please visit the bellow link and read what to do and how to contact support department,” the message says.

At first glance, this seems a typical phishing e-mail. But no – “iTunes will never ask you for your password or any confidential information,” claims the e-mail, and perhaps gains the trust of some users who then proceed to click on the link.

They land on a fake Apple support page, and it doesn’t ask them to share any confidential information.

But, unbeknownst to them, the site silently serves a malicious script that tries to exploit vulnerabilities in older versions of Java and Windows Help to gain access to the system, then download and install malware. Users who patch their OS and software regularly are safe from this attack.
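The lure described above can be triaged at the mail gateway before anyone clicks. The following is an added example, not code from the original article: a heuristic scorer built from the indicators the article names (the subject line, the “stolen password” pretext, the misspelled “bellow link”, and a link that does not resolve to an Apple domain). The set of legitimate domains and the scoring weights are assumptions chosen for illustration, and the sample message is constructed from the quoted text.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the article: campaign subject line, pretext phrases, misspelling.
SUBJECT_PATTERN = re.compile(r"itunes account may be suspended", re.I)
PRETEXT_PATTERNS = [
    re.compile(r"account password has been stolen", re.I),
    re.compile(r"\d+ different ip addresses", re.I),
    re.compile(r"bellow link", re.I),  # the phisher's own typo, a cheap but useful signal
]
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption for this example: domains a genuine iTunes notice would link to.
LEGIT_DOMAINS = {"apple.com", "itunes.com"}

def link_domains(body):
    """Return the set of hostnames linked from the message body."""
    hosts = (urlparse(u).hostname for u in URL_PATTERN.findall(body))
    return {h.lower() for h in hosts if h}

def is_legit_domain(host):
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def score_email(subject, body):
    """Return (score, reasons); higher score means closer to this campaign's lure."""
    score, reasons = 0, []
    if SUBJECT_PATTERN.search(subject):
        score += 2
        reasons.append("subject matches campaign")
    for pattern in PRETEXT_PATTERNS:
        if pattern.search(body):
            score += 1
            reasons.append("pretext phrase: " + pattern.pattern)
    off_domain = sorted(h for h in link_domains(body) if not is_legit_domain(h))
    if off_domain:
        score += 2
        reasons.append("link outside Apple domains: " + ", ".join(off_domain))
    return score, reasons

def is_suspicious(subject, body, threshold=3):
    return score_email(subject, body)[0] >= threshold

# Constructed sample modelled on the e-mail text quoted in the article (not a real capture).
SAMPLE_SUBJECT = "iTunes account may be suspended"
SAMPLE_BODY = ("Dear iTunes Customer, it is possible that your account password has been stolen. "
               "4 different IP addresses have been used to login to your account within the last 24 hours. "
               "Please visit the bellow link: http://support-itunes.example.net/account "
               "iTunes will never ask you for your password or any confidential information.")

if __name__ == "__main__":
    print(score_email(SAMPLE_SUBJECT, SAMPLE_BODY))
```

The reasons list is meant for an analyst queue; a gateway rule would quarantine on `is_suspicious` and let the unpatched-Java exposure on the landing page never be reached.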