Omniquad’s technicians are warning about emails that appear to come from your own scanner or multipurpose printer! The emails got caught in the Mailwall Remote spam filter, and at first they thought they were legitimate scanned documents, but the emails did not in fact contain any scanned documents, but links to sites containing malware.
The fake printer emails claim to have an attached document that come from a Xerox WorkCentre or HP Office Jet printer. The precise wording used in the e-mail body and types of attachment and attachment name varies from email to email; they all claim to be a scan (or sometimes a forwarded scan) from a Xerox WorkCentre or HP Office Jet printer to fool recipients into believing that attachment is a legitimate document.
These fake messages have no connection with Xerox or HP products.
However the attachment actually containing an HTML or HTML inside ZIP that leading to malware sites which are hosted on multiple IPs. The ZIP format is probably being used to dodge most spam filters.
To be precise, the HTML or ZIP attachment contains java script which leads to malware sites and secretly downloads a Trojan and add the compromised machine to a botnet. This Trojan may modify the system registry and file system. It may also attempt to download and install additional malware on the targeted system.
In light of this, it is important to be vigilant with emails that seem to come from a trusted source like your own scanner.
For information, a few of the malware sites linked to are listed below.
Omniquads warning: Before opening any attachments ensure that this is in fact a legitimate email from your scanner and not a scam email with malicious links.