Yesterday I received a suspicious email with a attachment. The mail had subject line as:
\nThank you for buying iTunes Gift Certificate!<\/p>\n
I am a iPhone user and do have my account at Apple Store. Initially a thought came in my mind like whether somebody had hacked into my Apple Store account and done a online shopping on my name. Just as I went through the message content I realized its a mail sent by some malware using iTunes subject and message as with good social engineering technique. Quick Heal’s DNAScan did flashed a warning of attachment being suspicious and immediately quarantined it.<\/p>\n
The email looked as follows:<\/p>\n
——————-<\/p>\n
From: “iTunes Online Store”
\nTo: <**********************>
\nSubject: Thank you for buying iTunes Gift Certificate!
\nDate: Wed, 26 May 2010 09:42:07 +0100<\/p>\n
Hello!<\/p>\n
You have received an iTunes Gift Certificate in the amount of $50.00
\nYou can find your certificate code in attachment below.
\nThen you need to open iTunes. Once you verify your account, $50.00 will
\nbe credited to your account, so you can start buying music, games,
\nvideo right away.<\/p>\n
iTunes Store.
\n——————-<\/p>\n
On carefully analyzing the attached file my suspicion was confirmed that it indeed was a new variant of Trojan.Bredolab that was being spammed to un-suspecting users through email attachment.<\/p>\n
The Trojan made below changes on my Test PC. It modified the registry entry of WinLogon so that it can load in the system automatically.
\nand dropped a Trojan file in Temp folder. Upon execution it tried to reach out some server in Russia.<\/p>\n
Quick Heal now detects and cleans this Trojan by the name Trojan.Bredolab, so Quick Heal users not to worry!<\/p>\n","protected":false},"excerpt":{"rendered":"
Yesterday I received a suspicious email with a attachment. The mail had subject line as: Thank you for buying iTunes Gift Certificate! I am a iPhone user and do have my account at Apple Store. Initially a thought came in my mind like whether somebody had hacked into my Apple Store account and done a […]<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72862","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72862"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72862"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72862\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}