We've received a significant number of emails today which appear to be
receipts from iTunes Store purchases. Those I've sampled each
purport a large purchase, a smaller credit, and a net charge to the
recipient's iTunes account, with links to "Write a review" and "Report a
problem". The targets of those links are gibberish domains (all so far
within the .info TLD), and visiting them redirects to a site
distributing an .exe ("Flash_installer.exe" was the one I got) that
matches VirusTotal's hashes for a roll of ZeuS.

VirusTotal indicates that the NOD32 engine *does* identify this file

Of the 16 I've received since noticing the pattern, 10 were marked as
SPAM? by PureMessage.

If you run across anyone who did follow the links in an attempt to
prevent the fictitious charges to their account, it's worth
verifying that NOD32 caught it.

Sam Hooker
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont
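
One way to triage messages matching the pattern described in the message above, shown as an added example that is not part of the original e-mail: flag "Write a review" and "Report a problem" links whose target host is outside the domains a genuine receipt would use, and note whether the host is in .info. The sample message and its `example.info` host are constructed, and the list of expected Apple domains is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a genuine receipt's links would point at.
EXPECTED_SUFFIXES = ("apple.com", "itunes.com")
LURE_LABELS = {"write a review", "report a problem"}

# Constructed sample message; example.info is a placeholder host.
SAMPLE = """\
From: "iTunes Store" <do_not_reply@example.info>
Subject: Your receipt
Content-Type: text/html; charset=utf-8

<html><body><p>Order total: $0.00</p>
<a href="http://qzxkvw.example.info/r">Write a review</a>
<a href="http://qzxkvw.example.info/p">Report a problem</a>
<a href="https://www.apple.com/legal/">Terms</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def suspicious_links(raw_message):
    """Return (label, host, is_info_tld) for lure links on unexpected hosts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    hits = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        ok = any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)
        if text.lower() in LURE_LABELS and not ok:
            hits.append((text, host, host.endswith(".info")))
    return hits
```
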