Fake Xerox scans may contain malware

Office workers should think twice before responding to an email inviting them to download a supposed file scanned by Xerox-branded machines.

 

Security vendor Bitdefender said the emails are part of a new spam campaign aiming to infect victims' systems with Trojans.

 

"According to Bitdefender data, we are talking about a 10,000 e-mail wave registered in less than an hour, qualifying this attack as significant," analyst Loredana Botezatu said in a blog post.

 

Botezatu said the email's subject tagline is “Scan from a Xerox WorkCentre,” which she said may be enough to lure some into clicking.

 

She said some employees may be prone to overlooking the details, "especially if they see the message was sent from someone within the company."

 

Also, Botezatu noted spammers have been known to look in databases of e-mail addresses for common or corporate domain names for "more targeted attacks."

 

Investigation showed the fake email distributes a downloader Trojan, which Bitdefender software identifies as Trojan.GenericKDV.1210899.

 

The Trojan looks for vulnerabilities on the victim PC to push malicious code.

 

"It usually works, since many users don’t keep their software up to date or patched with the latest security fixes," Botezatu said.

 

Once it finds the vulnerabilities, the malware downloads the banker Trojan.Zbot.IAO, which steals snatch passwords and user names, then monitors banking websites. — TJD, GMA News