Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
My Communities
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Members
Email Security.cloud
View Only
Community Home
Threads
Library
Events
Members
Back to Library
Use of .avi & .mp3 Extension Leads to Pharmacy Spam
1
Recommend
Sep 30, 2013 10:00 AM
Migration User
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog:
Pharma Spammers Brandjack YouTube
.
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED].com/165137.mp3
Figure 1:
Spam email using .avi extension
Figure 2:
Spam email using .mp3 extension
Figure 3:
Fake online pharmacy website
Below are some of the email subjects used in this latest spam campaign:
Subject: Here Comes the Sun 1969
Subject: Soldier of Love (Lay Down Your Arms) 1963
Subject: For No One 1966
Subject: Misery 1963
Subject: Lucy in the Sky with Diamonds 1967
Subject: From Me to You 1963
Subject: Look! I found this!
The domain was found to be registered in Europe and its servers were located in Ukraine. The spam attacks use such file extensions in a YouTube link to bypass the filter and also to fool users who would expect the links to open the appropriate file type.
Symantec advises consumers to be cautious with unsolicited or unexpected emails and to update their antispam signatures regularly to prevent personal information from being compromised. We are closely monitoring these spam attacks to ensure that users are aware of the latest threats.
Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads
Tags and Keywords
Related Entries and Links
No Related Resource entered.
Copyright 2019. All rights reserved.
Powered by Higher Logic