Here is an email I received this morning, claiming to come from an email address at my domain name: .
The email is fairly perfunctory with its subject line of “Scan from KM1650”, and its body text of “Please find attached your recent scan”.
Attached to the file is a Microsoft Word document called =SCAN7318_000.DOC.
Now, this might be slightly plausible if I had a scanner attached to my network which I had configured to email me scans. But I don’t.
One assumes the criminals behind the attack are banking that my place of work uses a Kyocera KM-1650 multi-function printer, or that I’m simply so excited about receiving an email from a scanner that I would open the attachment without even thinking.
Of course, if you receive the malware in your email chances are that it won’t claim to be from . Instead, it will probably pretend to be email@example.com instead, where example.com matches the domain and tld of your email address.
There has been a long history of cybercriminals spamming out malware pretending to be from printers and scanners, and there have been a number of recent campaigns suggesting that it’s a disguise that continues to dupe the unwary.
A quick check on VirusTotal reveals that relatively few anti-virus products are identifying the malware presently, but I can tell you that the Word document contains auto-executing macros that attempt to download further malicious code from the net designed to infect your Windows PC.
Always be suspicious of unsolicited emails, and be wary of opening files which may be attached to them. Acting recklessly with the contents of your inbox could mean your computer ends up compromised and your bank account plundered.
Repeat after me:
“Thou shalt not open dodgy-looking attachments in unsolicited emails”
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.