Symantec detects rise in file extension spam
Security vendor claims spammers are increasingly using rogue file extensions to lure unsuspecting users to online pharmacy sites.


Symantec security researchers have discovered a spamming tactic designed to fool users into clicking on links disguised as common file extensions.
The firm said the spam first appeared around two weeks ago and is linked to online pharmacy websites.
According to Anand Muralidharan, a researcher at Symantec, the emails contain the usual spam content - such as references to news events, images and video files - but the links seem to end with common file extensions.
These extensions include .pdf, .mp3 and .doc as well as .asp and .mpeg. However, instead of opening up files associated with them, they point users to pharmacy sites.
He said the source domain was registered in Russia and its servers were located in Hong Kong and the Ukraine.
In order to populate these types of attacks, also known as RSS news-feed spam, attackers use news feeds in the spam email.
Spammers have also used the recent death of legendary astronaut Neil Armstrong in this spam sample, Muralidharan added.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"The intention of using these particular file extensions could be to evade content filters, which typically look for other types of file extensions," he said in a blog post.
"Another reason could be to fool users who would expect the links to open the relevant file type."
He advised users to keep their security software up-to-date, in order to evade these types of online scams.
Scammers have also been sending out emails claiming to be from Symantec and other security companies, warning users their email account may be blocked because it has been sending out "infected" emails.
The link in the message points to a file that is named removaltool.exe, but contains a Trojan that downloads other malware to infect target machines.
The new attack was first spotted by security vendor Websense.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Malicious WordPress plugin installed backdoor on thousands of websites
News Widget plugin spewed spam to unsuspecting victims
-
Power stations under attack from long-running hacking campaign
News Dragonfly threat group is ramping up activities, say researchers
-
711 million data records revealed in spambot dump
News The data contains email addresses, passwords and server information too
-
Symantec profits surge as firms prop up their cyber defences
News The company also announced plans to sell its web certificate business
-
Security experts uncover Tinder porn site spam scheme
News Chatbots use verification offers to lure in victims
-
Symantec to pay $4.65 billion to acquire Blue Coat
News Greg Clark to become Symantec CEO, promising new cloud security
-
Spammers selling fake tickets for Rio Olympics 2016
News Fraudsters have created fake ticketing websites to trick users
-
Symantec ditches reseller guilty of scamming PC users
News Silurian told people they had malware, then sold them Norton Antivirus for $249