Email from your photocopier? It could be a malware attack

Graham Cluley

Word malware

Twenty years ago, the first Word macro malware spread across the planet.

Embedded inside a Word document, and rather unhelpfully given a kick start by being shipped on a Microsoft CD ROM, the Concept virus proved that people were much more willing to open unsolicited .DOC files than something more obviously suspicious like an .EXE attachment.

It would be great to think that after two decades of fighting malware in Word documents, users would have learnt to be more cautious or – heaven forbid – Microsoft might have rethought the wisdom of embedding a macro programming language inside the Word document format.


But macro malware hasn’t gone away, as today’s example shows.

Someone is spamming out malicious emails, pretending that they come from your photocopier.

Scanned image malware

The emails, which appear to come from [email protected] (where example.com is your email’s domain name), claim to be a scanned image from your printer.

In the case of the malicious email I received, the message pretends to be from a Sharp multi-functional printer called the MX-2310U.

Like many modern office printers these days, the MX-2310U doesn’t just limit itself to printing. It can also fax, photocopy and scan.

I, of course, don’t own a Sharp MX-2310U, and it definitely isn’t attached to my network. So there was no way I was going to open the unsolicited .DOC file I had been sent.

Which is just as well, because if I had launched the attachment then Microsoft Word would have prompted me to enable macros.

Macros are disabled. Is it safe to enable them?

And if I had fallen for that, the malicious macro code would have attempted to download a banking Trojan horse onto my computer. Conrad Longmore on the Dynamoo blog reports that the criminals behind this campaign are using it to infect Windows PCs with a version of the Dridex malware.

Take care folks.
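
The lure described above has two properties a mail filter can test for: a sender that claims the recipient's own domain, and a Word attachment that carries macros. The following Python is an added example, not part of the original post; the addresses, file name and byte strings are constructed, and the macro check is a heuristic that looks for the VBA project name inside the file rather than fully parsing it.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc container (CFB)
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # CFB directory names are UTF-16LE

def has_macros(data: bytes) -> bool:
    """Heuristic: does this Word file carry a VBA project?"""
    if data.startswith(OLE_MAGIC):
        return VBA_MARKER in data
    if data.startswith(b"PK"):                    # .docm/.docx are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches the lure described in the article."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg["From"]))[1].lower()
    rcpt = parseaddr(str(msg["To"]))[1].lower()
    if "@" in sender and sender.rsplit("@", 1)[1] == rcpt.rsplit("@", 1)[-1]:
        reasons.append("sender claims recipient's own domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith((".doc", ".docm")) and has_macros(data):
            reasons.append(f"macro-bearing attachment: {name}")
    return reasons

def sample(payload: bytes) -> bytes:
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "scanner@example.com", "user@example.com"
    m["Subject"] = "Scanned image"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename="scan_0001.doc")
    return m.as_bytes()

# Constructed byte strings, not real documents: CFB magic with and without a VBA name.
WITH_MACRO = OLE_MAGIC + b"\x00" * 64 + VBA_MARKER
WITHOUT_MACRO = OLE_MAGIC + b"\x00" * 64
```

A same-domain sender is only a signal, since internal devices legitimately send mail this way; it is most useful combined with the macro check and with whether the message actually originated inside the network.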



One comment on “Email from your photocopier? It could be a malware attack”

  1. Alex H

    I remember when Graham would publish information about Flash exploits and go on to suggest users enable click to play.
    Some advice to follow in those footsteps, the majority of users don't need macros enabled on Word documents, so for those who don't need it you can disable it or have it warn you before running.

    Windows:
    File->Options->Trust Center->Trust Center Settings Button-> Macro Setting->Tick Disable all macros with notification

    Mac:
    Word->Preferences->Security-> Tick warn before opening a file that contains macros

    IT Administrators can force this in Group Policy:
    User Config->Policies->Administrative Templates->Microsoft Word->Word Options->Security->Trust Center->Block macros from running in Office files from the Internet
