Analysis by: Fjordan Allego

E-mails from a known antivirus company may be nothing to be surprised about, but alarms should definitely start ringing when the antivirus company mailing you isn't the one you're subscribed to, and when its mails are festooned with links to websites peddling Viagra.

Our team of engineers recently found a spam mail making the rounds, masquerading as legitimate mail from CA Technologies. With a subject of “TEC436187-How to uninstall eTrust Antivirus 7.x manually”, the message body of the spam invites the recipients to view content from CA’s SupportConnect Knowledgebase. Clicking on the offered link will only give you an error.

Below the knowledgebase article is a listed user comment that instructs the reader to copy and paste a link into their browser. It promises the recipients that they can make up to $4,000 a day by just following further instructions on the landing page. Visiting that page, of course, will lead you to a fake pharmacy site offering Viagra and other medicines.

While this spam is not harmful in itself, cybercriminals could easily have made the landing page (and all the other pages that come after it) malicious and set it to automatically download malware onto your system, so the risk is there. Again, we remind all users to refrain from clicking links or opening attachments from unfamiliar senders, as they may lead to system infection.

Trend Micro already detects this new technique, covering both the websites to which it redirects users and the spam mail itself.

 SPAM BLOCKING DATE / TIME: June 27, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:0784