Pizza Order Spam Spreads Malicious Software
According to Commtouch Café, a new spam campaign is targeting Internet users with e-mails about pizzas they supposedly ordered, which are in fact a trap. Victims are told they must pay $107 (EUR 75) to complete the order; the real objective, however, is to confuse them into hastily clicking the "Cancel Order Now" button.
Clicking it diverts them to a web page containing many scripts that generate various pieces of malware ready to strike. Before selecting which malware to launch, the scripts check the operating system in use and its version, that is, whether it is Mac, Win or Linux, and further whether it is iPad, FreeBSD, iPod, iPhone, PocketPC, Win.Mobile or Win.CE; the web browser type and its version; and the installed versions of Acrobat Reader, Java, ActiveX, Flash, etc.
Notably, whatever its scale, the spam attack distributes only e-mails offering a wide range of delicious pizzas with different toppings, accompanied by several drinks, in combinations that change with every e-mail. Naturally, the order's price also changes with every message, although it is never $100 or less.
The pizzeria offering the pizzas likewise varies with every e-mail, though the names are mostly Italian, such as Porfirio, Ulderico's, Graziano's or Benvenuto. And although the pizzas' names and ingredients may change, all the e-mails ultimately do nothing but take the user to a crafty destination; the craftiness lies in the method by which the different malicious components get installed on victims' PCs. A tool that produces the malware examines each computer to determine the OS running on it, the browser type, and other attack-prone elements present on it.
Further, end users are diverted to the website serving the malicious software by way of an entire set of hijacked sites. Essentially, an iFrame installed on these sites issues the redirect instruction to one .ru Internet site.
In conclusion, security researchers advised anyone receiving these e-mails to delete them immediately and, in case of falling victim to one, to scan their systems thoroughly with the latest anti-virus version.
» SPAMfighter News - 19-12-2011