It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Xerox Workcentre Pro

page: 1

log in


posted on Jun, 13 2013 @ 03:34 PM
Was given this by a colleague and thought I'd pass it along. For those who don't know, this is oldie making it's rounds again.

Today internet security teams are reporting a virus outbreak that is not detectable by current anti-virus signatures. If you get an email with Xerox in it anywhere shift+delete (permanently delete) it ASAP, do not open or forward. Do not open or download attachment.

Scan from a Xerox WorkCentre Pro - Virus In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.

The Subject lines of the emails are consistently:

Subject: Scan from a Xerox WorkCentre Pro N 5458581
Subject: Scan from a Xerox WorkCentre Pro $4181035

In order to attempt to evade spam filtering systems, the very last part of the Subject line is a completely random number, so that no two emails will look exactly alike.

The body of the messages says:

"Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro. Sent by: Guest Number of Images: 1 Attachment File Type: ZIP [DOC] WorkCentre Pro Location: machine location not set Device Name: XRX3050AA7ACDB45167448 For more information on Xerox products and solutions, please visit"

The "Device Name" in the message is also completely randomized to prevent exact matches by spam filters. The attachment payload of the email will be a Zip file, an EXE file, or both and often also includes randomized numbers such as: * * Xerox_doc.exe Executing the attachment (which is most definitely not a scanned document) launches the infection of the recipient's computer, adding it to the spammer's growing bot-net army of spam spewing zombies.

Bot-net: A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam.

Zombie: a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way.


log in