The Pushdo (Cutwail) spambot is a notorious scam machine that has recently been using a variety of social engineering themes and targets to push fake anti-virus, Bredolab and Zbot executables. One of Pushdo's latest themes is the online iTunes store: the spam attempts to lure users into opening a rich text format (RTF) file attachment claiming to be a "$50 iTunes Gift Certificate".
It seems a bit odd for the iTunes store to use an RTF document format for sending out iTunes gift certificates, and this alone should make most users suspicious. When we extracted the RTF file, we discovered an embedded executable that was a fake anti-virus installer.

Figure 1. Sample iTunes scam spam campaign
Opening the RTF document does not automatically run the executable file. Instead, the campaign relies on social engineering, using the unsophisticated filename "CLICK HERE.exe" to convince a potential victim to click the file.
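A mail gateway or an analyst can flag attachments like this one by decoding the RTF's embedded-object data and checking it for executable content. The following Python is an added example, not code from the original post or from MailMarshal; the function names and the sample document are constructed for illustration, and it assumes the object data is plain hex with no obfuscation.

```python
import binascii
import re
import struct

# Hex payload of an RTF \objdata group (plain hex plus whitespace only;
# obfuscated documents that interleave control words need a full RTF parser).
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# Printable file names with an executable extension inside the decoded object.
EXE_NAME_RE = re.compile(rb"[\x20-\x7e]{1,64}\.(?:exe|scr|com|pif|bat)", re.I)


def has_pe_image(blob: bytes) -> bool:
    """True if an MZ header whose e_lfanew points at a PE signature is present."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                return True
        pos = blob.find(b"MZ", pos + 1)
    return False


def scan_rtf(rtf: bytes) -> list:
    """Return one finding per embedded object that carries executable content."""
    findings = []
    for m in OBJDATA_RE.finditer(rtf):
        digits = re.sub(rb"\s+", b"", m.group(1))
        blob = binascii.unhexlify(digits[:len(digits) // 2 * 2])  # drop odd nibble
        names = sorted({n.decode("ascii") for n in EXE_NAME_RE.findall(blob)})
        pe = has_pe_image(blob)
        if pe or names:
            findings.append({"offset": m.start(), "pe_image": pe, "names": names})
    return findings


def build_sample() -> bytes:
    """Constructed test document: a Package object holding a stub PE header."""
    stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    blob = b"Package\x00CLICK HERE.exe\x00" + stub
    hexed = binascii.hexlify(blob)
    wrapped = b"\n".join(hexed[i:i + 64] for i in range(0, len(hexed), 64))
    return (rb"{\rtf1\ansi Your gift certificate is attached."
            rb"{\object\objemb{\*\objclass Package}{\*\objdata " + wrapped + rb"}}}")


if __name__ == "__main__":
    for finding in scan_rtf(build_sample()):
        print(finding)
```

A finding with `pe_image` set, or with any executable file name, is reason enough to quarantine an RTF attachment for review.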
It pays not to get too excited with free stuff like this because opening a "$50 iTunes Gift Certificate" attachment could force you to pay $50 for bogus anti-virus software, not to mention placing your credit card information at risk.
MailMarshal Customers are protected from these campaigns with SpamCensor 443.