New Xerox WorkCentre Pro Infecting Emails Detected
A new wave of spam e-mails purporting to be automated messages sent by 'Xerox WorkCentre Pro machines' was circulating a Trojan from the Oficla malware family, Softpedia reported on August 20, 2010.
The WorkCentre Pro is a popular series of multifunction devices from Xerox that combine printing, scanning, copying, and faxing. These devices, generally used in large organizations and companies, can send automated e-mails containing scanned copies of documents.
MX Lab, a security firm, intercepted e-mails with the subject line "Scan from a Xerox WorkCentre Pro N 6204257" that carry the recent Oficla Trojan variant. The e-mails were sent from a spoofed address and used subject lines of the following forms: "Scan from a Xerox WorkCentre Pro #7943943", "Scan from a Xerox WorkCentre Pro N9700617", and "Scan from a Xerox WorkCentre Pro $6208924".
The body of the e-mail asks the reader to open the attachment and states that the document was scanned and sent using a Xerox WorkCentre Pro. The e-mail includes a ZIP archive named Tax report.zip along with the 56 kB file named Xerox_doc.exe. If a user executes the file, a variant of the Oficla Trojan is installed on the computer. On August 19, 2010, 10 out of 42 anti-virus programs on VirusTotal detected this sample as malicious.
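A mail-gateway style check for the pattern described above, as an added example that is not code from MX Lab, Softpedia or SPAMfighter: it flags a message only when the scanner-style subject is combined with an executable attachment, either attached directly or packed inside a ZIP. The function names, the `EXEC_EXT` list and both sample messages are assumptions constructed for illustration; the payloads are harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject prefix quoted in the article; the numeric suffix varies per message.
SUBJECT_RE = re.compile(r"^\s*Scan from a Xerox WorkCentre Pro\b", re.IGNORECASE)
# Assumption: extensions treated as executable; extend to match local policy.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def executable_names(msg):
    """List executable attachments, looking one level inside ZIP archives."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        names = [name]
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    names += [f"{name}!{m}" for m in zf.namelist()]
            except zipfile.BadZipFile:
                pass  # unreadable archive: judge it by its own file name only
        hits += [n for n in names if n.lower().endswith(EXEC_EXT)]
    return hits

def flag_scan_lure(raw):
    """Return executable names if a 'scanner' mail carries any, else []."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not SUBJECT_RE.search(msg["Subject"] or ""):
        return []
    return executable_names(msg)

def build_sample(subject, filename, payload, subtype):
    """Constructed test message; payloads are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Please open the attached document.")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()

def zip_with(member):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real binary")
    return buf.getvalue()

LURE = build_sample("Scan from a Xerox WorkCentre Pro #7943943", "Tax report.zip", zip_with("Xerox_doc.exe"), "zip")
BENIGN = build_sample("Scan from a Xerox WorkCentre Pro #0000001", "scan.pdf", b"%PDF-1.4 constructed", "pdf")
```

The benign sample shares the subject template but carries only a PDF, so it is not flagged; the subject alone is not a reliable indicator because genuine devices use it too.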
Commenting on these attacks, security experts said that it seemed malware distributors had copied the scanner's email template once again and employed it to design infected emails that appeared familiar to many people in office environments.
A similar campaign was also detected in July 2010. Although the subject lines were different in the previous campaign, the content of the e-mails remained the same.
Security experts noted that the practice of exploiting known e-mail templates to scam users had been seen a lot lately. Users are advised to exercise caution when clicking on links in e-mails or opening attachments, even when they seem to come from a reliable source.
» SPAMfighter News - 26-08-2010