As the holiday shopping season is poised to start in the U.S. with tomorrow’s Black Friday, users are advised to be extra careful when it comes to too-good-to-be-true offers landing in their inboxes.
An example of this is a current spam email campaign that notifies them of having been the lucky recipient of a $50 gift certificate for iTunes:
“The spoofed email is purportedly from the iTunes Store, the subject line reads iTunes Gift Certificate, and the message includes an attachment that supposedly contains a certificate code,” warns Sophos.
Unfortunately, the zipped attachment is actually a variant of the backdoor-opening, information-stealing piece of malware detected by Sophos as Mal/BredoZp-B.