The email attachment contains Asprox and Kuluoz botnet.
After using Ebola, and fake court documents as weapons to spread phishing emails, cyber criminals are now using free pizza to spread malware.
The new phishing emails are designed to look like it is coming from Pizza Hut, which lures in users to click on to the mail claiming that the company is offering free pizza to mark its 55th anniversary.
Cyber security firm Cloudmark said: "Of course, if you click on the link, you do not get a coupon for free pizza – you get a .zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz.
"This botnet has been around since 2008. It goes through sudden bursts of growth from time to time, and then cuts back in size, perhaps to avoid countermeasures from the security community."
Asprox uses Trojans and affects workstations and web servers equally. In 2010 Asprox botnet saw explosive growth in a single day, however researchers suggests that for now the attack is in low volume, but it may grow.
Previously email designed to look like court document were used to spread malware, and researchers suggest that users are four times more likely to click on the pizza email from their spam box.
The security company has advised users not to click on emails from spam folder, and to after check the URL which should include a credible domain name like http://pizzahut.com/, not something like http://pizzahut.com.[some random hacked domain].cn.