Use of .avi & .mp3 Extension Leads to Pharmacy Spam
Created: 30 Sep 2013 14:00:20 GMT | Updated: 14 Nov 2013 03:59:08 GMT | Translations available: 日本語
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
Figure 1: Spam email using .avi extension
Figure 2: Spam email using .mp3 extension
Figure 3: Fake online pharmacy website
Below are some of the email subjects used in this latest spam campaign:
- Subject: Here Comes the Sun 1969
- Subject: Soldier of Love (Lay Down Your Arms) 1963
- Subject: For No One 1966
- Subject: Misery 1963
- Subject: Lucy in the Sky with Diamonds 1967
- Subject: From Me to You 1963
- Subject: Look! I found this!
The domain was found to be registered in Europe and its servers were located in Ukraine. The spam attacks use such file extensions in a YouTube link to bypass the filter and also to fool users who would expect the links to open the appropriate file type.
Symantec advises consumers to be cautious with unsolicited or unexpected emails and to update their antispam signatures regularly to prevent personal information from being compromised. We are closely monitoring these spam attacks to ensure that users are aware of the latest threats.