posted on Jun, 13 2013 @ 03:34 PM
Was given this by a colleague and thought I'd pass it along. For those who don't know, this is an oldie making its rounds again.
Today internet security teams are reporting a virus outbreak that is not detectable by current anti-virus signatures. If you get an email with
Xerox in it anywhere shift+delete (permanently delete) it ASAP, do not open or forward. Do not open or download attachment.
Scan from a Xerox WorkCentre Pro - Virus
In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus,
the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.
The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already
been infected by this campaign.
The Subject lines of the emails are consistently:
Subject: Scan from a Xerox WorkCentre Pro N 5458581
Subject: Scan from a Xerox WorkCentre Pro $4181035
In order to attempt to evade spam filtering systems, the very last part of the Subject line is a completely random number, so that no two emails will
look exactly alike.
The body of the messages says:
"Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]
WorkCentre Pro Location: machine location not set
Device Name: XRX3050AA7ACDB45167448
For more information on Xerox products and solutions, please visit www.xerox.com..."
The "Device Name" in the message is also completely randomized to prevent exact matches by spam filters. The attachment payload of the email will be
a Zip file, an EXE file, or both and often also includes randomized numbers such as:
* XeroxN55213.zip
* Xerox_doc.exe
Executing the attachment (which is most definitely not a scanned document) launches the infection of the recipient's computer, adding it to the
spammer's growing bot-net army of spam spewing zombies.
Bot-net: A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send
Zombie: a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to
perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch
denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way.
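
An added example, not part of the original post: a mail-filter check that matches only the fixed parts of the lure described above (the subject prefix, the "Device Name: XRX..." line, a ZIP or EXE attachment), so the randomized numbers make no difference. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Match only the fixed parts of the lure; the numbers after them are random.
SUBJECT_RE = re.compile(r"^Scan from a Xerox WorkCentre Pro\b", re.IGNORECASE)
DEVICE_RE = re.compile(r"Device Name:\s*XRX[0-9A-F]+", re.IGNORECASE)
RISKY_EXT = (".exe", ".zip")  # attachment types named in the post

def indicators(raw: str) -> list[str]:
    """Return which traits of the described campaign a raw message shows."""
    msg = message_from_string(raw)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            hits.append("attachment")
        elif not name and part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if DEVICE_RE.search(body):
                hits.append("body")
    return hits

def is_lure(raw: str) -> bool:
    """Flag only a scanner-themed message that carries a ZIP or EXE."""
    hits = indicators(raw)
    return "attachment" in hits and ("subject" in hits or "body" in hits)

def sample(subject: str, device: str, filename: str) -> str:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "guest@example.com"
    m["Subject"] = subject
    m.set_content(f"Sent by: Guest\nDevice Name: {device}\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, dev, fn in [
        ("Scan from a Xerox WorkCentre Pro N 5458581", "XRX3050AA7ACDB45167448", "XeroxN55213.zip"),
        ("Scan from a Xerox WorkCentre Pro $4181035", "XRX00AA11BB22CC", "Xerox_doc.exe"),
        ("Scan from a Xerox WorkCentre Pro", "XRX3050AA7ACDB45167448", "scan0001.pdf"),
    ]:
        print(fn, is_lure(sample(subj, dev, fn)))
```

The check goes by attachment file name only and does not look inside ZIP archives.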