Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware


Summary: Sophos have intercepted a currently circulating malware campaign, enticing users into downloading and executing malicious file attachments.

TOPICS: Security, Malware

Researchers from Sophos have intercepted a currently circulating malware campaign, enticing users into downloading and executing malicious file attachments.

The campaign attempts to trick users into thinking that they have received an email from a Xerox WorkCentre Pro photocopier, and carries attachments with the following filenames: Xerox_Document_08.23_C11125.zip; Xerox_Scan_08.23_K1274.zip.

Spamvertised as:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]
WorkCentre Pro Location: machine location not set
Device Name: [random]


Users are advised not to interact with suspicious emails, or spam emails in general.
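A mail-filter heuristic for the lure described above, as an added example that is not Sophos's or ZDNet's detection logic: it flags a message whose body uses the fake scan wording while carrying an archive, or whose attachment name matches the reported filenames. The regex generalising the two filenames, the archive extension list, the function names and the sample message are assumptions constructed for this example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Wording and filename shape come from the campaign text quoted above; the
# regex generalising the two reported filenames is an assumption.
LURE_PHRASE = re.compile(r"scanned and sent to you using a Xerox WorkCentre", re.I)
LURE_FILENAME = re.compile(r"^Xerox_(?:Document|Scan)_\d{2}\.\d{2}_[A-Z]\d+\.zip$", re.I)
# Assumption: a genuine scan-to-email job does not deliver archives.
ARCHIVE_EXT = (".zip", ".rar", ".7z")


def lure_reasons(raw: bytes) -> list:
    """Return the reasons a raw message matches the fake-scan lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    # Collapse whitespace so a re-wrapped body still matches the phrase.
    body = " ".join(part.get_content().split()) if part else ""
    claims_scan = bool(LURE_PHRASE.search(body))
    reasons = []
    for att in msg.iter_attachments():
        name = att.get_filename() or ""
        if LURE_FILENAME.match(name):
            reasons.append("campaign filename: " + name)
        if claims_scan and name.lower().endswith(ARCHIVE_EXT):
            reasons.append("scan notice with archive: " + name)
    return reasons


def build_sample(body: str, filename: str) -> bytes:
    """Construct a test message (all values here are made up for the demo)."""
    m = EmailMessage()
    m["From"] = "guest@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Scan from a Xerox WorkCentre Pro"
    m.set_content(body)
    m.add_attachment(b"constructed-bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


LURE_BODY = ("Please open the attached document. It was scanned and sent to "
             "you using a Xerox WorkCentre Pro.\nSent by: Guest\n"
             "Attachment File Type: ZIP [DOC]\n")

if __name__ == "__main__":
    for name in ("Xerox_Document_08.23_C11125.zip", "scan001.pdf"):
        print(name, "->", lure_reasons(build_sample(LURE_BODY, name)))
```

The filename rule fires on its own, so a renamed body template is still caught while the attachment naming holds; the body rule catches renamed archives while the wording holds.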


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

5 comments
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

    Thanks for spreading the word about these suspicious looking e-mails; this is something we've been advising customers on for more than a year now. As you mention, the e-mail mimics a scan-to-e-mail file from a Xerox WorkCentre Pro. It's important that customers be suspicious of all scan-to-e-mail files that they were not expecting to receive and to pay attention to the "From" field of these e-mails. The spam e-mail may fill in the "From" field with a user name to make the e-mail look safe, as opposed to a machine name (i.e. wcp245@xerox.com). I advise all users to only open email attachments that are sent from a reliable, identifiable source. I encourage your readers to check Xerox.com/information-security/news for ongoing tips and advice.
    Larry Kovnat, Sr. Manager, Product Security
    lkovnat
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

    Thanks for your post and for helping to keep your readers informed about this spam. In order to defend against these types of malware campaigns, businesses can no longer rely on point solutions such as firewalls, IDS/IPS devices or simple IP reputations. Solutions that can provide deep content inspection to detect embedded attacks across email and Web sessions should also be implemented. This incident also illustrates the importance of ensuring network layer Data Leakage Prevention (DLP) for service providers, in order to prevent the outflow of email addresses. Our company, Wedge Networks focuses on building these robust and scalable solutions for both ISPs and large enterprises.
    HongwenZhangWedge
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

    Handy to know, thanks for the info.
    A happy PC is malware free.
    kiwisewi77
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

    It's important that customers be suspicious of all scan-to-e-mail files that they were not expecting to receive and to pay attention to the field of these e-mails. In order to defend against these types of malware campaigns, businesses can no longer rely on point solutions such as firewalls. [url=http://ponturi365.com]ponturi[/url]. Thanks and wish all the best.
    adam drabik
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

    The spamvertised emails contain subjects and messages attempting to socially engineer users into thinking that spam is coming from their mailboxes, and that they face legal action:

    In this campaign, emails are spoofed to appear as though they are sent from established companies like http://pariuri-sportive.org. The emails even formally claim that legal action will be taken because of the spam you have sent. These emails with the fake warning even attach a ZIP file that contains a scanned copy of a document that is supposedly evidence of your spam.
    ionutpop05