The Latest in IT Security

Pizza spam / gimalayad.ru

07 Mar 2013


Cheese Lover’s Pizza with no cheese?! Chicken pizza with three lots of extra ham?? This spam actually leads to malware on gimalayad.ru:

Date:      Wed, 6 Mar 2013 12:22:04 +0330
From:      Tagged [[email protected]]
Subject:      Fwd: Order confirmation

You’ve just ordered pizza from our site

Pizza Ultimate Cheese Lover’s with extras:
– Bacon Pieces
– Ham
– Bacon Pieces
– Jalapenos
– Black Olives
– No Cheese
– Easy On Sauce
Pizza Chicken Supreme with extras:
– Ham
– Ham
– Ham
– Jalapenos
– Green Peppers
– Diced Tomatoes
– Extra Cheese
– Extra Sauce
Pizza Hawaiian Luau with extras:
– Ham
– Green Peppers
– Jalapenos
– Pineapple
– Extra Cheese
– No Sauce
Pizza Pepperoni Lover’s with extras:
– Beef
– Ham
– Green Peppers
– Onions
– Green Peppers
– Extra Cheese
– Easy On Sauce
Pizza Spicy Sicilian with extras:
– Chicken
– Ham
– Bacon Pieces
– Pineapple
– Easy On Cheese
– Easy On Sauce
Drinks
– Grolsch x 6
– 7up x 3
– Budweiser x 4
– Carling x 2
Total Charge:    232.33$

If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!

If you don’t do that shortly, the order will be confirmed and delivered to you.

With respect to you
ALBERTO`s Pizzeria

================================

Date:      Wed, 6 Mar 2013 09:16:56 +0100
From:      “Xanga” [[email protected]]
Subject:      Re: Fwd: Order confirmation

You’ve just ordered pizza from our site

Pizza Ultimate Cheese Lover’s with extras:
– Beef
– Pepperoni
– Diced Tomatoes
– Easy On Cheese
– Extra Sauce
Pizza Italian Trio with extras:
– Beef
– Black Olives
– Black Olives
– Onions
– Extra Cheese
– Extra Sauce
Pizza Triple Meat Italiano with extras:
– Bacon Pieces
– Ham
– Onions
– Green Peppers
– Diced Tomatoes
– Extra Cheese
– Extra Sauce
Drinks
– Simply Orange x 4
– Fanta x 2
– 7up x 2
– Heineken x 2
– Lift x 5
– Pepsi x 4
– Budweiser x 4
Total Charge:    242.67$

If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!

If you don’t do that shortly, the order will be confirmed and delivered to you.

With Respect
PIERO`s Pizzeria

The malicious payload is at [donotclick]gimalayad.ru:8080/forum/links/column.php (report here) hosted on the same IPs used in this attack:

41.72.150.100 (Hetzner, South Africa)
117.104.150.170 (NTT, Japan)
212.180.176.4 (Supermedia, Poland)
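
Because the payload host sits on IPs already used in an earlier attack, matching proxy traffic on destination IP and on the port/path pattern, not only on the hostname, also surfaces requests to other domains on the same hosts. The following is an added example, not code from the original post: it checks web-proxy log lines against the payload URL and the three hosting IPs above. The log format, the sample lines and the names `classify` and `scan` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators quoted in the post: the payload URL and the three hosting IPs.
PAYLOAD_HOST = "gimalayad.ru"
PAYLOAD_PORT, PAYLOAD_PATH = 8080, "/forum/links/column.php"
HOSTING_IPS = {ipaddress.ip_address(a) for a in ("41.72.150.100", "117.104.150.170", "212.180.176.4")}

# Constructed sample log, assumed format: time client dest_ip method url
SAMPLE_LOG = """\
2013-03-06T09:21:10Z 10.0.0.15 41.72.150.100 GET http://gimalayad.ru:8080/forum/links/column.php
2013-03-06T09:25:42Z 10.0.0.22 212.180.176.4 GET http://sibling.example:8080/forum/links/column.php
2013-03-06T09:27:03Z 10.0.0.40 - GET http://GIMALAYAD.RU.:8080/forum/links/column.php
2013-03-06T09:30:00Z 10.0.0.31 192.0.2.10 GET http://www.example.com/index.html
truncated line
""".splitlines()

def classify(url, dest_ip):
    """Return the reasons a request matches the post's indicators (empty = no match)."""
    try:
        parts = urlsplit(url)
        host, port = (parts.hostname or "").lower().rstrip("."), parts.port
    except ValueError:
        return []  # unparseable URL or port in the log line
    reasons = []
    if host == PAYLOAD_HOST or host.endswith("." + PAYLOAD_HOST):
        reasons.append("payload-domain")
    try:
        if ipaddress.ip_address(dest_ip) in HOSTING_IPS:
            reasons.append("hosting-ip")  # also catches other domains on these hosts
    except ValueError:
        pass  # proxy logged no resolved address for this request
    if port == PAYLOAD_PORT and parts.path == PAYLOAD_PATH:
        reasons.append("payload-path")
    return reasons

def scan(lines):
    """Yield (client, url, reasons) for each log line that matches an indicator."""
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _time, client, dest_ip, _method, url = fields
        reasons = classify(url, dest_ip)
        if reasons:
            yield client, url, reasons

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The second sample line matches on IP and path even though its hostname is not in the post, and the third matches on hostname despite the upper case, trailing dot and missing resolved address.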

Blocklist:
