"Gerolamo Pizzeria" spam serves Phoenix Exploit Kit

GFI security researchers came across a spam mail that notifies users about a pizza order. The spam mail claims that the user ordered pizza worth $86.06.

At the end of the mail, it displays the message "If you haven’t made the order and it’s a fraud case, please follow the link and cancel the order."

"If you don’t do that shortly, the order will be confirmed and delivered to you," the spam mail reads.

If the user clicks the 'cancel order' button, they land on a web page that hosts the Phoenix Exploit Kit, one of the popular do-it-yourself (DIY) kits used by cybercriminals.

Once the kit successfully exploits vulnerable software on the infected system, it then drops two binary files: a Pony downloader (15/42) and a Zbot variant (6/39).

GFI Software detects the downloader as Trojan.Win32.Generic.pak!cobra.
