Malware makes its way to computers in many ways, but one of the most common methods is by tricking users into opening email attachments that seem to have come from a friend, relative or other trustworthy sender. You can now add networked office appliances to that list of spoofed identities, as a currently ongoing scam sends dangerous attachments under the guise of your office's scanner, with email messages that look good enough to be true.
Independent security analyst Graham Cluley and a Tom's Guide's staff member both received such emails yesterday (Feb. 11). In both cases, the sender spoofed the recipient's own email domain, making it appear that the emails came from within the same company. The body of the message contained the text "Please find attached your recent scan," and a Microsoft Word document named named =SCAN7318_000.DOC was attached.
Our staffer was suspicious of the message, which made it past our company's spam filter, from the moment it hit his inbox. As for Cluley, he recognized that the message couldn't have originated from his own domain because he has no scanner configured to send documents. (The email spoofs a message from a Kyocera KM-1650 multi-function printer.) The malware distributors know, however, that many people will trust any message that comes from within their own companies.
We tried to save (but not open) the Word attachment, but our installed Bitdefender antivirus program warned us that it contained the widely distributed W97M.Downloader malware. That's a "dropper" that, once installed, opens a backdoor on your system, then calls out to the Internet and downloads and installs a plethora of other malware.
But for that to happen, you have to save and open the Word document first. You'll be the one, however unwittingly, opening up your system to an attack. To avoid such situations, run robust antivirus software and never open attachments that you weren't expecting -- even if they seem to come from friends, coworkers or networked office appliances.