Another installment in the tsunami of malware-laden spam doing the rounds.. this time it is for pizza!
From: Pizza by ATTILIO [mailto:[email protected]]
Sent: 06 December 2011 18:25
Subject: Re: Fwd: Order confirmationYou’ve just ordered pizza from our site
Pizza Italian Trio with extras:
– Ham
– Jalapenos
– Green Peppers
– Jalapenos
– No Cheese
– No Sauce
________________________________________
Pizza Veggie Lover’s with extras:
– Italian Sausage
– Jalapenos
– Pineapple
– Black Olives
– Easy On Cheese
– No Sauce
________________________________________
Pizza Supreme with extras:
– Chicken
– Jalapenos
– Extra Cheese
– Extra Sauce
________________________________________
Drinks
– Bacardi x 2
– Dr. Pepper x 5
– Cherry Coke x 2
– Coca-Cola x 2
– Mirinda x 4
– Limonade x 5
– Carling x 5
________________________________________Total Due: 187.31$If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!If you don’t do that shortly, the order will be confirmed and delivered to you.
Best wishes
Pizza by ATTILIOFingerprint: a50c3e6f-8a5c87de
The link goes through a legitimate hacked site to a malicious payload on ciredret.ru/main.php, hosted on 79.137.237.63. Unsuprisingly this is Digital Network JSC in Moscow (aka DINETHOSTING) who are involved in much of the recent malware spam runs. Blocking 79.137.224.0/20 is highly recommended.
Leave a reply