Symantec: Scammers Spreading Malware Via Spoofed Scanner Attachments

Brad Chacos

As antivirus programs and end users alike become more adept at identifying badware, malware authors are getting even sneakier in their quest to infect your computer. Social engineering is the name of the game now – just ask the NBC News exec who clicked on an infected Christmas tree attachment from an unknown sender. A new report says that scammers have begun using a novel trick to get users to open malicious files: they send emails that claim to be from the office’s printer/scanner, which is actually pretty friggin’ clever.

The malware authors spoof the sender domain to match the recipient’s, Symantec reports in its September 2011 Intelligence Report (PDF). The subject line of the faked emails reads “Scan from a <printer name> <random 6 to 8 digit number string>” and attached is a .zip file stuffed with a malicious executable. There are a couple of variants; sometimes, the baddies change the email up to make it look like it was forwarded by a colleague inside the building, while other times they tweak the coding of the evil .exe to make it look like an evil .doc, instead.
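A mail-filter check for the three traits described above (the subject pattern, a sender domain equal to the recipient's, and a .zip carrying an executable), as an added example that is not from Symantec's report or this article. The addresses, printer name and file names are constructed, and testing ZIP members for the `MZ` header is an assumption about how to spot an executable whatever extension it shows.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subject shape from the report: "Scan from a <printer name> <6-8 digits>"
SUBJECT_RE = re.compile(r"scan from a\s+.+\s\d{6,8}\s*$", re.I)

def executable_members(zip_bytes):
    """Names of ZIP members whose content starts with 'MZ' (Windows executable)."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if zf.open(n).read(2) == b"MZ"]
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
        return []

def domain(header):
    """Lower-cased domain of the first address in a From/To header."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def scan_lure_indicators(raw):
    """Return which of the report's traits a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        hits.append("subject-pattern")
    sender = domain(msg["From"])
    if sender and sender == domain(msg["To"]):
        hits.append("sender-domain-matches-recipient")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            exes = executable_members(part.get_payload(decode=True) or b"")
            if exes:
                hits.append("zip-contains-executable:" + ",".join(exes))
    return hits

def build_sample():
    """Constructed message; the ZIP holds a harmless 2-byte 'MZ' stub named .doc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_1234567.doc", b"MZ")
    m = EmailMessage()
    m["From"], m["To"] = "scanner@example.com", "alice@example.com"
    m["Subject"] = "Scan from a Lobby Printer 1234567"
    m.set_content("constructed body")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Scan_1234567.zip")
    return m.as_bytes()
```

Mail legitimately sent between colleagues also matches the sender-domain check, so it counts as a signal only on messages that arrive from outside the organization and alongside the other two.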

While the attack may be novel, it isn’t used nearly as much as another old standby; the most popular way to spread viruses is still rigged pornographic files, surprise, surprise. Symantec said it was used four times more often than the printer spoofing in one 24-hour analysis.
