Symantec security researchers have discovered a spamming tactic designed to fool users into clicking on links disguised as common file extensions.
The firm said the spam first appeared around two weeks ago and is linked to online pharmacy websites.
According to Anand Muralidharan, a researcher at Symantec, the emails contain the usual spam content - such as references to news events, images and video files - but the links seem to end with common file extensions.
These extensions include .pdf, .mp3 and .doc as well as .asp and .mpeg. However, instead of opening up files associated with them, they point users to pharmacy sites.
He said the source domain was registered in Russia and its servers were located in Hong Kong and the Ukraine.
In order to populate these types of attacks, also known as RSS news-feed spam, attackers use news feeds in the spam email.
Spammers have also used the recent death of legendary astronaut Neil Armstrong in this spam sample, Muralidharan added.
"The intention of using these particular file extensions could be to evade content filters, which typically look for other types of file extensions," he said in a blog post.
"Another reason could be to fool users who would expect the links to open the relevant file type."
He advised users to keep their security software up-to-date, in order to evade these types of online scams.
Scammers have also been sending out emails claiming to be from Symantec and other security companies, warning users their email account may be blocked because it has been sending out "infected" emails.
The link in the message points to a file that is named removaltool.exe, but contains a Trojan that downloads other malware to infect target machines.
The new attack was first spotted by security vendor Websense.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Malicious WordPress plugin installed backdoor on thousands of websitesNews Widget plugin spewed spam to unsuspecting victims
-
Power stations under attack from long-running hacking campaignNews Dragonfly threat group is ramping up activities, say researchers
-
711 million data records revealed in spambot dumpNews The data contains email addresses, passwords and server information too
-
Symantec profits surge as firms prop up their cyber defencesNews The company also announced plans to sell its web certificate business
-
Security experts uncover Tinder porn site spam schemeNews Chatbots use verification offers to lure in victims
-
Symantec to pay $4.65 billion to acquire Blue CoatNews Greg Clark to become Symantec CEO, promising new cloud security
-
Spammers selling fake tickets for Rio Olympics 2016News Fraudsters have created fake ticketing websites to trick users
-
Symantec ditches reseller guilty of scamming PC users
News Silurian told people they had malware, then sold them Norton Antivirus for $249
