Scan from a Xerox WorkCentre? Trojan attack spammed out widely

Emails claiming to come from a Xerox WorkCentre Pro photocopier have been spammed widely across the internet, containing a malicious file as an attachment.

Modern photocopiers don’t just copy your confidential documents, or see the downside of inebriated staff antics at the office party, they can also email you your documents these days.

Which makes them a possibly all-too-convincing disguise for today’s spammed-out malware campaign.

Although the precise wording varies from email to email, they all claim to be a scan (or sometimes a forwarded scan) from a Xerox WorkCentre Pro.

Subject:

Scan from a Xerox WorkCentre Pro #[number]

Message body:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]

WorkCentre Pro Location: machine location not set
Device Name: [random]

The names of attached files can vary but are along the lines of Xerox_Document_08.23_C11125.zip and Xerox_Scan_08.23_K1274.zip.
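The subject, body and attachment-name traits described above can be combined into a mail-filter check. This is an added example, not code from the original article or from Sophos; the regular expressions generalise the quoted samples, and the function names and sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Patterns generalised from the samples quoted in the article (an assumption:
# the article says wording and file names vary between messages).
SUBJECT_RE = re.compile(r"Scan from a Xerox WorkCentre Pro\s*#\s*\d+", re.I)
BODY_RE = re.compile(r"scanned\s+and\s+sent\s+to\s+you\s+using\s+a\s+Xerox\s+WorkCentre\s+Pro", re.I)
ATTACH_RE = re.compile(r"^Xerox_(?:Document|Scan)_\d{2}\.\d{2}_[A-Z]\d+\.zip$", re.I)

def lure_indicators(msg):
    """Return the set of campaign indicators present in a parsed EmailMessage."""
    found = set()
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):  # search() also catches "Fwd:" variants
        found.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if name.lower().endswith(".zip"):
                found.add("zip-attachment")
            if ATTACH_RE.match(name):
                found.add("attachment-name")
        elif part.get_content_type() == "text/plain" and BODY_RE.search(part.get_content()):
            found.add("body")
    return found

def is_suspect(msg):
    """Flag only when a ZIP attachment accompanies at least one text lure."""
    found = lure_indicators(msg)
    return "zip-attachment" in found and bool(found & {"subject", "body", "attachment-name"})

def build_sample(subject, body, attachment=None):
    """Construct a test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

LURE_BODY = ("Please open the attached document. It was scanned and sent to you\n"
             "using a Xerox WorkCentre Pro.\nAttachment File Type: ZIP [DOC]\n")
SAMPLES = {  # constructed messages, not captured mail
    "lure": build_sample("Scan from a Xerox WorkCentre Pro #4471291", LURE_BODY,
                         "Xerox_Document_08.23_C11125.zip"),
    "forwarded": build_sample("Fwd: Scan from a Xerox WorkCentre Pro #882", "See attached.", "scan.zip"),
    "pdf_scan": build_sample("Scan from a Xerox WorkCentre Pro #12", LURE_BODY, "scan.pdf"),
    "chatter": build_sample("Copier on floor 3", "The WorkCentre Pro is out of toner."),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, is_suspect(message), sorted(lure_indicators(message)))
```

Requiring the ZIP attachment alongside a text lure keeps ordinary mail that merely mentions the copier, or a scan delivered in another file format, out of the flagged set.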

Sophos products have been intercepting the emails as spam, and will be detecting the attached file as the Troj/Dload-ID Trojan horse.

As always, be very careful opening unsolicited attachments – even if you do think at first that they could have been sent to you by one of the photocopiers in your office building.

This attack has been spammed out very aggressively – and it seems certain that some computer users may have fallen victim to it.