Cybercriminals are using the tempting lure of free pizza to spread malware via malicious email spam, according to researchers at Cloudmark.
The messaging security firm has spotted new emails purporting to come from Pizza Hut, which encourage recipients to click on a malicious link to claim their delicious reward, it noted in a blog post.
“Of course, if you click on the link, you do not get a coupon for free pizza – you get a .zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz,” it added.
“This botnet has been around since 2008. It goes through sudden bursts of growth from time to time, and then cuts back in size, perhaps to avoid countermeasures from the security community.”
Cloudmark warned that the prospect of free pizza has been extremely successful as a social engineering lure, with users more than four times more likely to take this particular email out of their spam folders than the largest recent malicious spam run.
That particular email campaign was spoofed to look like a notice to appear in court.
“Though the attack is low volume at the moment, it’s quite possible it may grow. Asprox infects both workstations (using Trojans), and web servers (using SQL injection attacks),” Cloudmark explained.
“By using infected workstations to probe for vulnerable web servers and infected servers to deliver malware to workstations the Asprox botnet has been capable of explosive growth in the past. In June 2010 the number of infected web servers grew by a factor of five in a single day.”
The most recent sighting of Asprox was back in June this year, when emails spoofed to look like they came from the US Postal Service appeared in users’ inboxes.
In that instance, the emails contained a malicious link claiming to lead victims to a shipping receipt, but in reality took them to a .zip file containing the malware.
Asprox started life around six years ago as a password stealer, although it is more likely to be seen in its current spammy guise.
“If you are tempted to click on a link (because who can turn down free pizza), hover the mouse over it first, and make sure that the URL goes to http://pizzahut.com/ and not http://pizzahut.com.[some random hacked domain].cn,” cautioned Cloudmark.