The Latest in IT Security

iTunes “Christmas gift card” / /


Here’s a malware-laden spam with a twist:

From:     iTunes [[email protected]]
To:     purchasing [[email protected][redacted]]
Date:     6 December 2012 20:59
Subject:     Christmas gift card

Order Number: M1V7577311
Receipt Date: 06/12/2012
Shipping To: [email protected][redacted]

Order Total: $500.00
Billed To: Hilary Shandonay, Credit card

Item Number     Description     Unit Price
1     Christmas gift card (View\Download )     $500.00
Subtotal:     $500.00
Tax:     $0.00
Order Total:     $500.00

Please retain for your records.
Please See Below For Terms And Conditions Pertaining To This Order.

Apple Inc.
You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies


Answers to frequently asked questions regarding the iTunes Store can be found at

Apple ID Summary • Detailed invoice

Apple respects your privacy.

Copyright © 2011 Apple Inc. All rights reserved

In this case the link goes through a free web hosting site at [donotclick] which contains some heavily obfuscated JavaScript that eventually leads to a malicious landing page on [donotclick] hosted on (, Russia). That IP hosts the following toxic domains that you should block:

Heck, you might just want to cut your losses and block too. Anyway, the curious thing is that the malicious JavaScript uses an intermediary obfuscation site called which you can see has been used to infect a few sites before.

Now, perhaps was created with the best of intentions, but if the bad guys have a use for it then you can bet they are probably about to abuse it in a big way.

Both and are hosted on the same IP at (also in Russia) which is part of a tiny netblock of which you may as well block too. The IP also contains the following domains which might also be abused in the same way:

In my opinion, obfuscating JavaScript is a really bad thing and there is no legitimate reason to use it. Blocking access to free-to-use obfuscation tools like this may run the risk of breaking some legitimate sites. But only if they have been coded by idiots.
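The lure above carries an iTunes display name while its View/Download link points at a free web host, which is a mismatch a mail filter can test for. The following is an added example, not code from the original post: the brand-to-domain map, the function and class names, and the sample message with its placeholder `.example` hosts are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a genuine message from each brand links to.
BRAND_DOMAINS = {"itunes": ("apple.com",), "apple": ("apple.com",)}

# Constructed sample; every host is a placeholder, not an indicator from the post.
SAMPLE = """\
From: iTunes <sender@mail.example>
To: purchasing@recipient.example
Subject: Christmas gift card
Content-Type: text/html; charset="utf-8"

<p>Christmas gift card (<a href="http://freehost.example/x.htm">View</a>)</p>
<p><a href="https://www.apple.com/legal/">Terms of Sale</a></p>
"""


class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed href, e.g. an unclosed IPv6 bracket
            return
        if host:
            self.hosts.append(host)


def brand_mismatches(raw_message):
    """Return link hosts outside the domains of the brand named in From:."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    allowed = next((d for b, d in BRAND_DOMAINS.items() if b in display), None)
    if allowed is None:
        return []  # display name claims no brand we know; nothing to compare
    parser = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
    return [h for h in parser.hosts
            if not any(h == d or h.endswith("." + d) for d in allowed)]
```

The suffix comparison is made on a dot boundary, so a host that merely begins with the brand's domain name is still reported.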
