
December 07, 2011

Pizza With Extra Malware

Reminiscent of the teenage prank of ordering a pizza for delivery to an unsuspecting friend (or enemy), this week's malware lure tries the same trick, but without the actual delivery.

The email claims to be an order confirmation for one giant pizza party. The From: field is populated with randomized plug-in names, such as "CALLISTO's Pizzeria" or "Pizza by Giacinto". The makeup of pizzas and other goodies varies from message to message, but here's an example:

You’ve just ordered pizza from our site

Pizza Supreme with extras:
- Italian Sausage
- Italian Sausage
- Green Peppers
- Green Peppers
- No Cheese
- No Sauce
Pizza Italian Trio with extras:
- Italian Sausage
- Green Peppers
- Extra Cheese
- Extra Sauce
Pizza Hawaiian Luau with extras:
- Beef
- Italian Sausage
- Bacon Pieces
- Onions
- Green Peppers
- Extra Cheese
- No Sauce
Pizza Spicy Sicilian with extras:
- Ham
- Green Peppers
- Jalapenos
- Extra Cheese
- No Sauce
Pizza Meat Lover's with extras:
- Beef
- Italian Sausage
- Pepperoni
- Diced Tomatoes
- No Cheese
- Extra Sauce
Drinks
- Budweiser x 5
- Coca-Cola x 2
- Gold Peak Tea x 2
- Cherry Coke x 3
- Mirinda x 6
- Red wine x 2
- Carling x 2
Total Due: 179.67$

If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!

If you don’t do that shortly, the order will be confirmed and delivered to you.


With Best Wishes
CALLISTO`s Pizzeria


Fingerprint: 7d5b8304-172d5b83

Not all of the messages have the "Fingerprint" nonsense at the end, but many other messages in this same campaign do.

Since no one wants to pay for over a hundred bucks of pizza delivered to his/her door, the adrenalin kicks in and the recipient clicks the Cancel link in panic. Rut Row! It's our old friend that takes you to a hijacked web site where an iframe loads the ol' main.php malware loading page [yawn].

And that, kids, is how botnets grow.
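
A mail-filter heuristic for the lure traits described above, as an added example that is not part of the original post. The trait names, the three-trait threshold, the sample messages and the example.invalid addresses are assumptions made for illustration.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

# Traits taken from the lure quoted in this post; names and threshold are assumptions.
FROM_NAME = re.compile(r"\bpizz(a|eria)\b", re.I)
FINGERPRINT = re.compile(r"^Fingerprint:\s*[0-9a-f]{8}-[0-9a-f]{8}\s*$", re.I | re.M)
BODY_TRAITS = {
    "order_claim": re.compile(r"you[’'`]ve just ordered pizza", re.I),
    "total_due": re.compile(r"^Total Due:\s*\d+\.\d{2}\$?", re.I | re.M),
    "cancel_pressure": re.compile(r"cancel (the )?order", re.I),
}

def lure_traits(raw_message):
    """Return the set of campaign traits found in one raw message (bytes)."""
    msg = message_from_bytes(raw_message)
    display_name, _addr = parseaddr(msg.get("From", ""))
    body = ""
    # Use the first text/plain part; a single-part message is its own part.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body = payload.decode(part.get_content_charset() or "utf-8", "replace")
            break
    found = {name for name, rx in BODY_TRAITS.items() if rx.search(body)}
    if FROM_NAME.search(display_name):
        found.add("pizzeria_sender")
    if FINGERPRINT.search(body):
        found.add("fingerprint_trailer")
    return found

def is_pizza_lure(raw_message, threshold=3):
    """Flag when enough traits match; the fingerprint trailer is optional."""
    return len(lure_traits(raw_message)) >= threshold

# Constructed samples: the first reuses text quoted in this post, the second is benign.
SAMPLE_LURE = (
    "From: \"CALLISTO's Pizzeria\" <orders@example.invalid>\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "You’ve just ordered pizza from our site\n"
    "Total Due: 179.67$\n"
    "If you haven’t made the order and it’s a fraud case, "
    "please follow the link and cancel the order.\n"
    "Fingerprint: 7d5b8304-172d5b83\n"
).encode("utf-8")
SAMPLE_BENIGN = (
    b"From: Alice <alice@example.invalid>\n\n"
    b"Please cancel the order for the toner, the total due was wrong.\n"
)
```

Requiring several traits at once keeps an ordinary message that merely mentions cancelling an order from being flagged, and a variant without the "Fingerprint" line still matches.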

Posted on December 07, 2011 at 09:02 AM