Aug 25, 2011 14:52 GMT

Security researchers warn of a new wave of spam emails posing as automated messages from Xerox WorkCentre Pro multifunctional devices that carry malicious attachments.

The Xerox WorkCentre Pro devices are popular and likely to be found in many business offices. This suggests that the primary targets of this campaign are companies and not individuals.

The rogue emails bear subjects of the form "Scan from a Xerox WorkCentre Pro #[number]" and claim to contain scanned documents.

The emails spoof the automated messages sent by the devices when their real email function is used. They read:

"Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro. Sent by: Guest. Number of Images: 1. Attachment File Type: ZIP [DOC]."

The attachments have names like Xerox_Document_08.23_C11125.zip or Xerox_Scan_08.23_K1274.zip, and instead of documents they actually contain trojan installers.
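A mail-gateway style check for the indicators described above, as an added example that is not part of the original article: it matches the quoted subject and attachment-name patterns and lists executable-looking files inside ZIP attachments. The extension list, the `example.com` addresses and the helper names are assumptions, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns taken from the subject and attachment names quoted in the article.
SUBJECT_RE = re.compile(r"Scan from a Xerox WorkCentre Pro #\d+", re.I)
ATTACH_RE = re.compile(r"^Xerox_(Document|Scan)_\d{2}\.\d{2}_[A-Z]\d+\.zip$", re.I)
# Assumption: extensions treated as executable; extend for your environment.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data: bytes) -> list:
    """Return names of executable-looking members; unreadable archives are flagged."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]

def score_message(raw: bytes) -> dict:
    """Collect the lure indicators present in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject": bool(SUBJECT_RE.search(msg["Subject"] or "")),
            "attachment_name": False, "executables": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            hits["attachment_name"] = True
        if name.lower().endswith(".zip"):
            hits["executables"] += zip_executables(part.get_payload(decode=True))
    # Quarantine on an executable inside a ZIP; the lure text alone only raises suspicion.
    hits["quarantine"] = bool(hits["executables"])
    return hits

def build_sample(subject: str, filename: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not real content")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "device@example.com", "user@example.com"
    msg.set_content("Please open the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Scan from a Xerox WorkCentre Pro #1234567",
                        "Xerox_Document_08.23_C11125.zip", "Xerox_Document.exe")
    print(score_message(lure))
```

The quarantine decision rests on the archive contents rather than the subject line, so a renamed lure that still carries an executable in a ZIP is caught as well.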

This method of passing infected files as scanned documents is not new, but its repeated reuse suggests that the technique is rather successful.

The campaign shows the inventiveness of malware distributors. Users are much more likely to believe a message sent by what they think is one of their internal devices than one from a third party.

In fact, even users who usually treat email attachments with suspicion might be tempted to just open and run the file, thinking it's one of the company's documents.

"As always, be very careful opening unsolicited attachments - even if you do think at first that they could have been sent to you by one of the photocopiers in your office building," advises Graham Cluley, a security expert from Sophos.

Even if your computer has an antivirus program installed, all attachments should be scanned on services like VirusTotal before opening them, because such services test files with multiple antivirus engines.