$107 for a couple of pizzas and drinks! – I didn’t order this… (especially not the Veggie Lover’s Pizza with chicken topping) There must be some mistake. I’ll click on this “cancel order” link and set things straight….
Our advice is of course not to click.
The links redirect to a “malware generator” page which includes numerous scripts that build different malware on-the-fly. Before deciding which malware to serve, the scripts check for the following: Operating system and version (Win, Mac, Linux, FreeBSD, iPhone, iPod, iPad, Win.CE, Win.Mobile, PocketPC); Browser type and version; Installed versions of Java, Flash, Acrobat reader; ActiveX enabled, and more.
It’s almost like a build-it-yourself pizza.
The very large outbreak offers emails with a mouthwatering array of Pizza types, toppings, and drinks which are mixed and changed per email (Pizza names are basically stolen from Pizza Hut’s menu). The Pizzeria name also varies between the Italian sounding Graziano’s, Ulderico’s, Benvenuto, Porfirio, Natanaele`s, and many more. And of course the total cost of the order varies per email but is always above $100. The social engineering is not totally new (fix an incorrect order), but the pizza theme has been well exploited.
The redirection to the malware generating site is hosted on a range of compromised websites. A nested iFrame has been planted in each compromised site which generates a redirection command to a .ru website. The homepage of one of these hacked websites (amateur sport association from the Czech Republic) is shown below. Commtouch is currently running a survey in cooperation with StopBadware to gain further insight into the phenomenon of hacked websites such as this one.
The emails are blocked by Commtouch’s Anti-Spam.
Email text:
You’ve just ordered pizza from our site
Pizza Super Supreme with extras:
– Pork
– Jalapenos
– Green Peppers
– Green Peppers
– Easy On Cheese
– Easy On Sauce
Pizza Veggie Lover’s with extras:
– Chicken
– Pineapple
– Extra Cheese
– No Sauce
Pizza Ultimate Cheese Lover’s with extras:
– Chicken
– Ham
– Diced Tomatoes
– Extra Cheese
– Easy On Sauce
Drinks
– Gold Peak Tea x 4
– Diet Pepsi x 3
– Dr. Pepper x 6
Total Charge: 107.13$
If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!
If you don’t do that shortly, the order will be confirmed and delivered to you.
Best wishes
ULDERICO`s Pizzeria
Another example:
You’ve just ordered pizza from our site
Pizza Spicy Sicilian with extras:
– Ham
– Chicken
– Beef
– Pineapple
– Onions
– Extra Cheese
– Easy On Sauce
Pizza Supreme with extras:
– Beef
– Pepperoni
– Black Olives
– Onions
– Pineapple
– Easy On Cheese
– Extra Sauce
Pizza Italian Trio with extras:
– Ham
– Jalapenos
– Pineapple
– Extra Cheese
– Easy On Sauce
Pizza Spicy Sicilian with extras:
– Bacon Pieces
– Onions
– Pineapple
– Extra Cheese
– Extra Sauce
Drinks
– Grolsch x 4
– Diet Pepsi x 5
– Red wine x 5
– Carling x 5
– Gold Peak Tea x 6
– Pepsi x 5
– Lift x 2
Total Due: 147.65$
If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!
If you don’t do that shortly, the order will be confirmed and delivered to you.
Best wishes
GRAZIANO`s Pizzeria