ID: IRCNE2011091266
Date: 2011-09-28
According to "computerworld", hackers have found a new hook to trick people into opening malicious attachments: send emails that purport to come from office printers.
"This is a new tactic we haven't really seen before," said Paul Wood, senior intelligence analyst for Symantec.
The emails invariably contain some kind of Trojan downloader, which can be used to download other malware or steal documents from the computer.
Symantec published examples of the emails collected recently in its latest monthly Symantec Intelligence Report. The emails at first glance look quite convincing.
Wood said it is common for the scammmers to spoof the sender's name and make it appear the email came from the same domain as the one that belongs to the recipient.
Wood said it is unlikely that most printers with the email sending ability can actually send a ".zip" file; those printers mostly send image file, he said.
Although Windows has the ability to open ".zip" files, there is evidence the scammers are trying to obscure the ".zip" extension for those who use third-party tools to unzip the content. In some archiving tools, the malicious attachment appears to have a ".doc" or ".jpg" file extension. The hackers have manipulated file names to make it less likely to arouse suspicions, Wood said.
The overall social-engineering technique is along the same lines as other methods observed of late, such as sending emails purporting to be from well-known couriers with various malicious attachments, Wood said.
- 3