
Zero Day

Ryan Naraine and Dancho Danchev

Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware

August 25, 2011, 6:28am PDT

Summary: Sophos have intercepted a currently circulating malware campaign, enticing users into downloading and executing malicious file attachments.

Researchers from Sophos have intercepted a currently circulating malware campaign, enticing users into downloading and executing malicious file attachments.

The campaign attempts to trick users into thinking that they have received an email from a Xerox WorkCentre Pro photocopier, and carries an attachment with one of the following filenames: Xerox_Document_08.23_C11125.zip; Xerox_Scan_08.23_K1274.zip.

Spamvertised as:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]
WorkCentre Pro Location: machine location not set
Device Name: [random]

Users are advised not to interact with suspicious emails, or spam emails in general.
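
The indicators reported above (the lure text and the two attachment names) can be turned into a mail-filter check. This is an added example, not code from Sophos or ZDNet; the filename pattern is generalised from the two names in the article, and the function names, sample addresses and attachment payload are assumptions.

```python
import re
from email import message_from_string

# Generalised from the two attachment names in the article (an assumption):
# Xerox_<Document|Scan>_<MM.DD>_<letter><digits>.zip
NAME_RE = re.compile(r"^Xerox_(Document|Scan)_\d{2}\.\d{2}_[A-Z]\d+\.zip$", re.I)
LURE_RE = re.compile(r"scanned and sent to you using a Xerox WorkCentre Pro", re.I)

def lure_indicators(raw):
    """Return the campaign indicators found in one raw RFC 5322 message."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # attachment: compare its name with the campaign pattern
            if NAME_RE.match(name):
                hits.append("campaign-filename")
            elif name.lower().endswith(".zip"):
                hits.append("zip-attachment")
        elif part.get_content_type() == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode(
                part.get_content_charset() or "utf-8", "replace")
            if LURE_RE.search(" ".join(body.split())):  # undo line wrapping
                hits.append("lure-text")
    return hits

def should_quarantine(raw):
    """Quarantine only when the lure text arrives together with a ZIP."""
    hits = lure_indicators(raw)
    return "lure-text" in hits and len(set(hits)) > 1

def build_sample(filename, body):
    """Constructed test message; addresses and payload are placeholders."""
    return "\n".join([
        "From: Guest <guest@example.com>", "To: user@example.com",
        "Subject: Scan from a Xerox WorkCentre Pro", "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"', "",
        "--b1", 'Content-Type: text/plain; charset="us-ascii"', "", body,
        "--b1", "Content-Type: application/octet-stream",
        'Content-Disposition: attachment; filename="%s"' % filename,
        "Content-Transfer-Encoding: base64", "", "AAAA", "--b1--", ""])

LURE = ("Please open the attached document. It was scanned and sent to you\n"
        "using a Xerox WorkCentre Pro.")

if __name__ == "__main__":
    print(lure_indicators(build_sample("Xerox_Scan_08.23_K1274.zip", LURE)))
```

Requiring the lure text and a ZIP attachment together keeps ordinary ZIP mail and scans without an archive out of quarantine.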

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile.


Talkback Most Recent of 5 Talkback(s)

  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware
    Thanks for spreading the word about these suspicious looking e-mails; this is something we've been advising customers on for more than a year now. As you mention, the e-mail mimics a scan-to-e-mail file from a Xerox WorkCentre Pro. It's important that customers be suspicious of all scan-to-e-mail files that they were not expecting to receive and to pay attention to the "From" field of these e-mails. The spam e-mail may fill in the "From" field with a user name to make the e-mail look safe, as opposed to a machine name (i.e. wcp245@xerox.com). I advise all users to only open email attachments that are sent from a reliable, identifiable source. I encourage your readers to check Xerox.com/information-security/news for ongoing tips and advice.
    Larry Kovnat, Sr. Manager, Product Security
    lkovnat
    25th Aug
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware
    Thank you very much for your sharing. rolex watches
    lovedong
    13th Sep
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware
    Thanks for your post and for helping to keep your readers informed about this spam. In order to defend against these types of malware campaigns, businesses can no longer rely on point solutions such as firewalls, IDS/IPS devices or simple IP reputations. Solutions that can provide deep content inspection to detect embedded attacks across email and Web sessions should also be implemented. This incident also illustrates the importance of ensuring network layer Data Leakage Prevention (DLP) for service providers, in order to prevent the outflow of email addresses. Our company, Wedge Networks focuses on building these robust and scalable solutions for both ISPs and large enterprises.
    HongwenZhangWedge
    31st Aug
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware
    Handy to know thanks for the info.
    A happy PC is malware free.
    kiwisewi77
    1st Sep
  • RE: Spamvertised 'Scan from a Xerox WorkCentre Pro' leads to malware
    It's important that customers be suspicious of all scan-to-e-mail files that they were not expecting to receive and to pay attention to the field of these e-mails. In order to defend against these types of malware campaigns, businesses can no longer rely on point solutions such as firewalls. ponturi. Thanks and wish all the best.
    adam drabik
    29th Nov
