Dec 21, 2010 16:56 GMT

A wave of fake iTunes emails falsely alerting recipients about their accounts facing suspension directs them to a Web page that tries to install malware on their computers.

The rogue emails are crafted to appear as if they originate from a [email protected] address and bear a subject of "iTunes account may be suspended."

"Dear iTunes Customer, it is possible that your account password has been stolen. 4 different IP addresses have been used to login to your account within the last 24 hours. Please visit the bellow link and read what to do and how to contact support department," the message reads.

This sounds very much like a phishing scam, but Alex Eckelberry, general manager of the security software division at GFI, points out that the attackers' real intention is to silently infect users.

The cyber criminals behind the emails even try to earn people's trust by noting in the email that "iTunes will never ask you for your password or any confidential information."

Satisfied that this is probably not a phishing attack, users might click on the link to see additional information.

In that case, they would be taken to a page mimicking an Apple support article entitled "How to report an issue with Your iTunes Store purchase."

The site might look benign, but in the background it loads scripts that try to exploit vulnerabilities in outdated versions of Flash Player, Java and even unpatched Windows installations, in order to download and install malware.

Such attacks are known as drive-by downloads, and the exploitation happens without any visible sign to the victim. Users are strongly encouraged to keep their applications up to date and to browse the Web with a capable antivirus installed.
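As an added illustration, not taken from the article or from GFI, the following Python check flags the two lure traits described above: an alarming subject line and a link whose host does not belong to the domain the sender claims to be. The sample message, the spoofed sender address and the link host are constructed placeholders, not indicators from the campaign.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure in the article; the From address is
# spoofed to look like Apple and the link host is a placeholder, not a real IoC.
SAMPLE_EMAIL = """\
From: iTunes Store <itunes@apple.com>
To: customer@example.org
Subject: iTunes account may be suspended

Dear iTunes Customer, it is possible that your account password has been stolen.
4 different IP addresses have been used to login to your account within the last 24 hours.
Please visit the bellow link and read what to do and how to contact support department.
http://support-article.example.net/itunes/report-issue.html
iTunes will never ask you for your password or any confidential information.
"""

# Subject fragments typical of account-scare lures (assumed list for this example).
SUSPICIOUS_SUBJECT_TERMS = ("suspend", "password has been stolen", "verify your account")

def registrable_domain(host: str) -> str:
    """Crude 'last two labels' domain; adequate here, not a public-suffix lookup."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def extract_links(body: str) -> list:
    return re.findall(r'https?://[^\s<>"\']+', body)

def analyse_message(raw: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = registrable_domain(parseaddr(msg["From"])[1].split("@")[-1])
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    findings = []
    subject = (msg["Subject"] or "").lower()
    if any(term in subject for term in SUSPICIOUS_SUBJECT_TERMS):
        findings.append("urgency-subject")
    for link in extract_links(body):
        host = urlparse(link).hostname or ""
        # A link that leaves the claimed sender's domain is the core lure signal.
        if registrable_domain(host) != sender_domain:
            findings.append(f"link-domain-mismatch:{host}")
    return findings

if __name__ == "__main__":
    print(analyse_message(SAMPLE_EMAIL))
```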

Free programs like Secunia Personal Software Inspector can automate the task of patching popular applications.