Beware of Emails With Xerox Scans Attached

In the last 4 days or so I have received about 45 emails and counting purporting to be from someone who scanned documents using a Xerox scanner.  Although they are not originating from Xerox or their equipment spammers are using their name to breed some familiarity with users to fool them into executing the attachment.

The emails have some slight variations but this is the basic format of what I am seeing:

Please open the attached document. It was scanned and sent to you using a Xerox
WorkCentre Pro.

Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]

WorkCentre Pro Location: machine location not set
Device Name: XRX3412AA7ACDB46538211

For more information on Xerox products and solutions, please visit
http://www.xerox.com

The attachment also contains a variation of the name XeroxNXXXXXX.zip with XXXXXXX being a random number. Opening the attachment reveals a executable file named Xerox__Doc.exe.

I submitted a sample of this code to the Microsoft Malware Protection Center via their online submission form.  They reported back that the Xerox_Doc.exe contained the Win32/Malagent Trojan.  The MMPC reports the latest definitions for Microsoft anti-malware software will detect the trojan.

So make sure you have everything updated and be smart and do not execute these types of attachments even with updated signatures.

Have you seen this malware attempt yourself?

Related Posts

• eFax Trojan Email Warning
• October 2011 Patch Tuesday Related Bulletins Released
• Holiday Scams and Malware
• January 2011 Patch Tuesday Summary
• McAfee and their Recent False Positive

Richard Hay  (3358 Posts)

Richard is the Owner of WindowsObserver.com and has been involved in tech for over 25 years. His first website – AnotherWin95.com – came online in 1995. Back then he used GeoCities Web Hosting for it and what you see here today is the result of the work he has continued on the site since 1995. In January 2010 his community contributions were recognized by Microsoft when he was awarded the Most Valuable Professional (MVP) Award for Windows Desktop Experience. In January 2011 he was renewed as a Microsoft MVP but in a new category called Windows Expert - Consumer and in January 2012 he received the award for the third time.