Users are receiving emails which claim to be from the official iTunes store. These are specially crafted emails which lure the users by assuring them that they are amongst a few lucky ones to be selected for gift certificates amounting to $50.
Furthermore, the emails ask the users to open the attached zip file in order to obtain their certificate code.
Once the user extracts the zip file and tries to open the file, the malware gets executed on their machine and infects it. Unsurprisingly, there is no gift certificate either.
The email which I received for analysis contained a Backdoor.Cycbot.G file. Upon execution, it allowed the attacker unauthorized access and control of the infected computer. After a computer is infected the malware connects to a specific IRC server and joins a specific channel to receive further commands from the attacker.
Quick Heal successfully detects the malware and protects unsuspecting users.
No Comments, Be The First!