Users should never rush to click on links received in unsolicited emails

Apr 17, 2012 11:56 GMT  ·  By

Internet users may stumble upon an email in their inbox that notifies them about pizzas and drinks worth $86 (65 EUR) heading their way. Before rushing to click on Cancel Order Now, they should take a moment to think about it, because the innocent-looking link actually points to a malicious site.

GFI experts have come across one of these emails, which lists a fictitious order from the Gerolamo Pizzeria (a “malicious” version of the legitimate Girolamo Pizzeria).

According to researchers, users who fall for the plot and click on the Cancel Order Now link, are taken to compromised sites that host the Phoenix Exploit Kit, a malicious element that attempts to leverage known vulnerabilities in order to serve malware.

In this particular case, victims who have failed to ensure that important system components, including their antivirus solutions, are up to date, will end up with two binary files that hide variants of two well-known pieces of malware, Pony and Zbot.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1