Supposed iTunes gift certificates doing the rounds in the run-up to Thanksgiving are actually loaded with malware.
Spoofed emails purportedly offering $50 vouchers for the iTunes Store, which arrive with email subject lines such as "iTunes Gift Certificate", come with an attachment supposedly containing a certificate code. In reality, these zip file attachments are infected with the Windows PC-compatible malware, detected by Sophos as BredoZp-B and first spotted by German infosec group eleven-security*.
The scam - illustrated with screenshots and explained in more depth by net security firm Sophos here - is likely to be repeated by similar scams in the run up to Christmas, at least if previous years are anything to go by. ®
* We'd like to think eleven-security employed someone called Nigel Tufnel as a spokesman but this is probably just a Spinal Tap-inspired flight of fancy on our part.