MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email that is disguised in such a way that it appears to come from an internal scanner device in your office.
This email is send from the spoofed address “scanner@*yourdomain*” and has the following body:
This E-mail was sent from “RNPF117EA” (Aficio MP C5000).
Scan Date: Wed, 11 Nov 2015 12:40:57 +0300
Queries to: scanner@*yourdomain*
The attached file name contains a string of random numbers like 20151029110925329.xls. This Excel sheet contains mailicious macro coding that will download other malware.
The Excel file is detected by 3 of the 52 AV engines at Virus Total and is known as LooksLike.Macro.Malware.gen!x3 (v) or O97M/Downloader.
Use the Virus Total for more detailed information.