The Latest in IT Security

“Gerolamo Pizzeria” Spam Invades Inboxes


Researchers in the AV Labs received a spam that is unlike the usual batch of Viagra spam and Rolex spam that we would normally see in our inboxes: pizza spam. And the spammers behind it are back to offer second serving.

We have reason to believe that criminals behind this spam run attempted to use the name “Girolamo Pizzeria“ to make the email believable; however, the name of the company in the signature is slightly misspelled.

click to enlarge

From: {random email address}
Subject: Order confirmation
Message body:
You’ve just ordered pizza from our site.

Pizza Super Supreme with extras:
– Pepperoni
– Ham
– Jalapenos
– Pinapple
– Extra Cheese
– No Sauce
Pizza Meat Lover‘s with extras:
– Bacon Pieces
– Chicken
– Jalapoenos
– Diced Tomatoes
– Pineapple
– Extra Cheese
– No Sauce
Pizza Ultimate Cheese Lover‘s with extras:
– Beef
– Chicken
– Black Olives
– Green Peppers
– Easy On Cheese
– Easy On Sauce
Pizza Triple Meat Italiano with extras:
– Italian Sausage
– Chicken
– Jalapenos
– Cheese
– No Sauce
Pizza Veggie Lover‘s with extras:
– Chicken
– Black Olives
– Diced Tomatoes
– Green Peppers
– No Cheese
– Extra Sauce
– Heineken x 2
– Schweppes x 2
– Coca-Cola x 2
– Dr. Pepper x 3
– Squirt x 4
– Diet Pepsi x 5
Tota Charge: 86.06$

If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.


If you don’t do that shortly, the order will be confirmed and delivered to you.

With respect to you
GEROLAMO’s Pizzeria

As appetite-inducing as this spam may seem, it actually carries a less palatable payload. Clicking the visible link of the email, CANCEL ORDER NOW!, would result in the Phoenix Exploit Kit, one of the popular do-it-yourself (DIY) kits used by cybercriminals. After the kit successfully exploits vulnerable software on the infected system, it then drops two binary files: a Pony downloader (15/42) and a Zbot variant (6/39). GFI Software detects the downloader as Trojan.Win32.Generic.pak!cobra.

As always, please make sure that your antivirus is up-to-date and be wary of clicking links on emails.

Related entry:

Jovi Umawing (Thanks to Matthew and Adam)

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments