close
August 25, 2011 - Xerox has received more inquiries about “Scanned from a WorkCentre Pro” malware in e-mailed PDF files – Malware Alert
As a variant to the SPAM alert we posted last summer, customers are now receiving e-mails that appear to be notifications that an e-mail containing a PDF file could not be delivered. During last summer, files that had the file extension of .ZIP or .EXE were sent and those formats are not supported by Xerox devices. The danger is that now, the attachments are PDF files which are supported as a valid scan format from Xerox WorkCentre devices. The mail notes may look like a realistic “bounce” message from a Mail Transfer Agent. Being aware of which MTA you or your company uses could help in identifying fake notes.
Users are tempted to open the PDF file with the phrase, “Please open the attached document. It was scanned and sent to you using a XER0X Work Centre Pro.”
Xerox advises all users to only open scan to e-mail files that are sent from a reliable, identifiable, and verifiable source. The other key way to determine if this is a scam e-mail, versus real, is that the “From” field of the spam e-mail will mimic an actual user’s e-mail address, as opposed to a machine name e-mail (i.e. wcp245@xerox.com). These files could contain a number of Oficia Trojan variants or some of the more recent PDF malware code.
Customers with questions should contact their local Xerox sales representative, or call 1-800-ASK-XEROX.
As a variant to the SPAM alert we posted last summer, customers are now receiving e-mails that appear to be notifications that an e-mail containing a PDF file could not be delivered. During last summer, files that had the file extension of .ZIP or .EXE were sent and those formats are not supported by Xerox devices. The danger is that now, the attachments are PDF files which are supported as a valid scan format from Xerox WorkCentre devices. The mail notes may look like a realistic “bounce” message from a Mail Transfer Agent. Being aware of which MTA you or your company uses could help in identifying fake notes.
Users are tempted to open the PDF file with the phrase, “Please open the attached document. It was scanned and sent to you using a XER0X Work Centre Pro.”
Xerox advises all users to only open scan to e-mail files that are sent from a reliable, identifiable, and verifiable source. The other key way to determine if this is a scam e-mail, versus real, is that the “From” field of the spam e-mail will mimic an actual user’s e-mail address, as opposed to a machine name e-mail (i.e. wcp245@xerox.com). These files could contain a number of Oficia Trojan variants or some of the more recent PDF malware code.
Customers with questions should contact their local Xerox sales representative, or call 1-800-ASK-XEROX.
RSS Feed: Get Xerox Security Bulletins
