Symantec detects rise in file extension spam
Security vendor claims spammers are increasingly using rogue file extensions to lure unsuspecting users to online pharmacy sites.
Symantec security researchers have discovered a spamming tactic designed to fool users into clicking on links disguised as common file extensions.
The firm said the spam first appeared around two weeks ago and is linked to online pharmacy websites.
According to Anand Muralidharan, a researcher at Symantec, the emails contain the usual spam content - such as references to news events, images and video files - but the links seem to end with common file extensions.
These extensions include .pdf, .mp3 and .doc as well as .asp and .mpeg. However, instead of opening up files associated with them, they point users to pharmacy sites.
He said the source domain was registered in Russia and its servers were located in Hong Kong and Ukraine.
To populate this type of attack, also known as RSS news-feed spam, attackers use content from news feeds in the spam email.
Spammers have also used the recent death of legendary astronaut Neil Armstrong in this spam sample, Muralidharan added.
"The intention of using these particular file extensions could be to evade content filters, which typically look for other types of file extensions," he said in a blog post.
"Another reason could be to fool users who would expect the links to open the relevant file type."
He advised users to keep their security software up to date in order to avoid these types of online scams.
Scammers have also been sending out emails claiming to be from Symantec and other security companies, warning users their email account may be blocked because it has been sending out "infected" emails.
The link in the message points to a file that is named removaltool.exe, but contains a Trojan that downloads other malware to infect target machines.
The new attack was first spotted by security vendor Websense.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.