New Oficla trojan version in emails with subject “Scan from a Xerox WorkCentre Pro”
August 20, 2010
MX Lab intercepted some emails with the subject “Scan from a Xerox WorkCentre Pro N 6204257” that contain the latest Oficla trojan variant. The emails are sent from a spoofed email address and use a subject in one of the following formats:
Scan from a Xerox WorkCentre Pro $6208924
Scan from a Xerox WorkCentre Pro #7943943
Scan from a Xerox WorkCentre Pro N9700617
Body of the email:
Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]
WorkCentre Pro Location: machine location not set
Device Name: XRX6919AA7ACDB46116749
For more information on Xerox products and solutions, please visit
The email contains a ZIP archive named Tax report.zip, which holds the 56 kB file Xerox_doc.exe.
VirusTotal permalink and MD5: eadf133be4dc58050626a5fd194fc546.
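
A mail-gateway triage check built from the indicators in this post (the subject formats, an executable inside a ZIP attachment, and the listed MD5), as an added example that is not MX Lab's code. The function names, the executable-extension list and the sample messages are assumptions constructed for illustration; the post does not say whether the MD5 belongs to the ZIP or to the EXE, so both are hashed.

```python
import hashlib, io, re, zipfile
from email.message import EmailMessage

# Indicators taken from the post; the regex generalises the listed subject formats.
SUBJECT_RE = re.compile(r"^Scan from a Xerox WorkCentre Pro\s*[$#N]\s*\d+\s*$")
KNOWN_MD5 = {"eadf133be4dc58050626a5fd194fc546"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: extensions treated as executable

def triage(msg):
    """Return the list of indicators a parsed email matches."""
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        blobs = [(part.get_filename() or "", data)]
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= 5_000_000:  # skip oversized members (zip-bomb guard)
                        blobs.append((info.filename, zf.read(info)))
                    if info.filename.lower().endswith(EXEC_EXT):
                        hits.append("exe-in-zip:" + info.filename)
        for name, blob in blobs:
            if hashlib.md5(blob).hexdigest() in KNOWN_MD5:
                hits.append("md5:" + name)
    return hits

def build_sample(subject, member_name):
    """Constructed test message; the payload is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Please open the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Tax report.zip")
    return msg

if __name__ == "__main__":
    print(triage(build_sample("Scan from a Xerox WorkCentre Pro #7943943", "Xerox_doc.exe")))
    print(triage(build_sample("Quarterly scan results", "notes.txt")))
```

The executable-in-ZIP check still fires when a later variant changes the hash, which is why it is reported separately from the MD5 match.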

I have been getting these same stinkin emails now for a few days.
They are so easy for me to spot by now I just delete them ASAP. I really wish these people would do something better with their time besides sending spam email and viruses!
TIP: Another one to watch out for is the ones that say they are sending you a resume, the UPS ones and the DHL ones. Those are all viruses as well.