Cloudmark is now part of Proofpoint. Learn More

About Proofpoint

Fake Pizza Hut “Free Pizza” Coupons Latest Malware Threat

Starting on October 28, we saw a new hook used to try and trick users into installing a Trojan on their computer – Free Pizza. Fans of Robert Heinlein will be familiar with the acronym TANSTAAFL – There Ain’t No Such Thing As A Free Lunch. In this case TANSTAAFPE – There Ain’t No Such Thing As A Free Pizza, Either.

The attack features a realistic looking message, apparently from Pizza Hut:
Free Pizza Spam

Today we are celebrating our 55th anniversary and we want you to share this celebration with us - you may get a free pizza in any of our restaurants.

Pizza Hut was actually founded in 1956, which makes them 58 years old, not 55. Of course, if you click on the link, you do not get a coupon for free pizza – you get a .zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz. This botnet has been around since 2008. It goes through sudden bursts of growth from time to time, and then cuts back in size, perhaps to avoid countermeasures from the security community.

This attack appears to be more credible than the typical package delivery or invoice spam used to distribute malware. Everybody wants to believe in free pizza. We are seeing an unusually high number of people taking this email out of their spam folders. Users are more than four times more likely to take this out of their spam folder than the largest recent malware spam campaign which claimed to be a notice to appear in court.

Though the attack is low volume at the moment, it’s quite possible it may grow. Asprox infects both workstations (using Trojans), and web servers (using SQL injection attacks). By using infected workstations to probe for vulnerable web servers and infected servers to deliver malware to workstations the Asprox botnet has been capable of explosive growth in the past. In June 2010 the number of infected web servers grew by a factor of five in a single day.

The bottom line is that users should not click on any links in unsolicited email, especially if it is already in your spam folder. Free pizza may seem a lot more credible than Nigerian gold, but they are both dangerous scams. If you are tempted to click on a link (because who can turn down free pizza), hover the mouse over it first, and make sure that the URL goes to and not[some random hacked domain].cn .

12 thoughts on “Fake Pizza Hut “Free Pizza” Coupons Latest Malware Threat”

  1. If all you did was download the .zip file you are still safe. Just delete it. If you opened the .zip file and then clicked on the .exe file on a Windows machine then your computer may well be infected. You will need to remove the infection with one of the popular anti-virus tools. Many of them are either free, or offer a free trial period. Currently anti-virus products from Microsoft, Kaspersky, Sophos, AVG, McAfee, Sophos, Symantec and others are all detecting this threat.

Leave a Reply

Your email address will not be published. Required fields are marked

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2020 Cloudmark, Inc.