The Latest in IT Security

“Gerolamo Pizzeria” Spam Invades Inboxes

17
Apr
2012

Researchers in the AV Labs received a spam that is unlike the usual batch of Viagra spam and Rolex spam that we would normally see in our inboxes: pizza spam. And the spammers behind it are back to offer second serving.

We have reason to believe that criminals behind this spam run attempted to use the name “Girolamo Pizzeria“ to make the email believable; however, the name of the company in the signature is slightly misspelled.

click to enlarge

From: {random email address}
Subject: Order confirmation
Message body:
You’ve just ordered pizza from our site.

Pizza Super Supreme with extras:
– Pepperoni
– Ham
– Jalapenos
– Pinapple
– Extra Cheese
– No Sauce
———————————————-
Pizza Meat Lover‘s with extras:
– Bacon Pieces
– Chicken
– Jalapoenos
– Diced Tomatoes
– Pineapple
– Extra Cheese
– No Sauce
———————————————-
Pizza Ultimate Cheese Lover‘s with extras:
– Beef
– Chicken
– Black Olives
– Green Peppers
– Easy On Cheese
– Easy On Sauce
———————————————-
Pizza Triple Meat Italiano with extras:
– Italian Sausage
– Chicken
– Jalapenos
– Cheese
– No Sauce
———————————————-
Pizza Veggie Lover‘s with extras:
– Chicken
– Black Olives
– Diced Tomatoes
– Green Peppers
– No Cheese
– Extra Sauce
———————————————-
Drinks
– Heineken x 2
– Schweppes x 2
– Coca-Cola x 2
– Dr. Pepper x 3
– Squirt x 4
– Diet Pepsi x 5
===================================
Tota Charge: 86.06$

If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.

CANCEL ORDER NOW!

If you don’t do that shortly, the order will be confirmed and delivered to you.

With respect to you
GEROLAMO’s Pizzeria

As appetite-inducing as this spam may seem, it actually carries a less palatable payload. Clicking the visible link of the email, CANCEL ORDER NOW!, would result in the Phoenix Exploit Kit, one of the popular do-it-yourself (DIY) kits used by cybercriminals. After the kit successfully exploits vulnerable software on the infected system, it then drops two binary files: a Pony downloader (15/42) and a Zbot variant (6/39). GFI Software detects the downloader as Trojan.Win32.Generic.pak!cobra.

As always, please make sure that your antivirus is up-to-date and be wary of clicking links on emails.

Related entry:

Jovi Umawing (Thanks to Matthew and Adam)

Leave a reply


Categories

SUNDAY, AUGUST 18, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks