Dangerous iTunes email claims account password stolen
Avoid these emails that appear to come from iTunes. It directs users to a fake website, where and a Java scripting exploit can infect PCs that are not up-to-date on security.
Fake iTunes email isn't a phish, it's a 'sploit
QUOTE: An email making the rounds makes the innocent claim that “it is possible that your account password has been stolen”. Actually, no. The site serves a malicious script. Nevertheless, the exploits served are six to eight months old — CVE-2010–0886 (a Java exploit) and CVE-2010-1885 (a cross-site scripting method that exploits a vulnerability in Windows Help). Downloading the latest version of Java and insuring you’re up-to-date on Windows patches will protect against any attack.