Free Pizza Hut Pizza: New Malware Campaign to Spread Asprox Botnet
Cybersecurity firm Cloudmark recently discovered a malware campaign, spread by email, that promises free Pizza Hut pizza.
About the Email
According to the report, an email made to look like it comes from Pizza Hut asks the victim to click a link to claim the freebie. The mail says that Pizza Hut is celebrating its 55th anniversary and that recipients can get a free Personal Pan Pizza at any Pizza Hut restaurant.
The email also states that the victim may need to download a coupon, but the download is actually a .zip file that contains the malware. The report said,
Of course, if you click on the link, you do not get a coupon for free pizza – you get a .zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz
The attackers seem to have miscalculated: Pizza Hut was founded in 1956, which makes it 58 years old now, not 55.
What is Asprox?
Asprox appeared in 2008 and grew day by day as it was used to attack high-profile websites in order to spread malware. The makers of the malware, however, limited the attacks to avoid countermeasures from the security community.
Cloudmark said that luring victims with free pizza is a successful social engineering method: users are more than four times more likely to take this particular email out of their spam folders than the largest recent malicious spam run.
Andrew Conway said in the blog post,
Though the attack is low volume at the moment, it’s quite possible it may grow. Asprox infects both workstations (using Trojans), and web servers (using SQL injection attacks). By using infected workstations to probe for vulnerable web servers and infected servers to deliver malware to workstations the Asprox botnet has been capable of explosive growth in the past. In June 2010 the number of infected web servers grew by a factor of five in a single day.
Cloudmark recommends that users not click any link in unsolicited email. If you get one, hover over the link and check whether the target URL it shows is something like "http://pizzahut.com.[some random hacked domain].cn" instead of http://pizzahut.com. If it is, don't click the link; otherwise you (your credentials) as well as your computer are gonna vomit eating that Free Pizza.
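
The hover check described above can also be run automatically over an email body, for example on a mail gateway. This Python is an added example, not code from Cloudmark or the original post; the function names, the sample email and the `hacked-domain.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "pizzahut.com"  # domain the email claims to link to

# Constructed sample body; hacked-domain.example is a placeholder host.
SAMPLE_EMAIL = (
    '<p>Celebrate with us! <a href="http://pizzahut.com.hacked-domain'
    '.example/coupon">Get Free Pizza Coupon</a></p>'
    '<p><a href="http://www.pizzahut.com/menu">Our menu</a></p>'
)

def classify_host(host, brand=BRAND):
    """Return 'brand', 'lookalike' or 'other' for a link's hostname."""
    host = (host or "").lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return "brand"      # pizzahut.com itself or a real subdomain
    # Brand used as leading labels of someone else's domain,
    # e.g. pizzahut.com.<hacked domain>.cn
    if host.startswith(brand + ".") or "." + brand + "." in host:
        return "lookalike"
    return "other"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body, brand=BRAND):
    """Return [(href, text, verdict)] for every link in the body."""
    parser = LinkCollector()
    parser.feed(html_body)
    # urlsplit().hostname drops any user@ prefix and the port, so the
    # verdict is based on the host the browser would actually contact.
    return [(h, t, classify_host(urlsplit(h).hostname, brand))
            for h, t in parser.links]

if __name__ == "__main__":
    for href, text, verdict in audit_links(SAMPLE_EMAIL):
        print(f"{verdict:9} {href}  ({text})")
```

A gateway would quarantine or rewrite messages that contain any `lookalike` link; `other` links still need the usual reputation checks.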
