MX Lab intercepted some emails with the subject “Scan from a Xerox WorkCentre Pro N 6204257″ that contains the latest Oficla trojan variant. The emails are sent from a spoofed email address and contains a subject in one of the following formats:
Scan from a Xerox WorkCentre Pro $6208924
Scan from a Xerox WorkCentre Pro #7943943
Scan from a Xerox WorkCentre Pro N9700617
Body of the email:
Please open the attached document. It was scanned and sent to you using a Xerox
WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]
WorkCentre Pro Location: machine location not set
Device Name: XRX6919AA7ACDB46116749
For more information on Xerox products and solutions, please visit
http://www.xerox.com
The email contains a ZIP archive named Tax report.zip with the 56 kB large document Xerox_doc.exe inside.
Virus Total permlink and MD5: eadf133be4dc58050626a5fd194fc546.
View full post on mxlab – all about anti virus and anti spam
Related Posts
- Oficla trojan in emails with subject “Scan from a Xerox WorkCentre Pro”
MX Lab intercepted some emails with the subject “Scan from a Xerox WorkCentre Pro N 6204257″ that contains the latest Oficla trojan variant. The emails are sent from a spoofed email addres... - New Oficla trojan in emails with subject “Your facebook password has been changed”
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your facebook password has been changed″
The email is send from the spoofed address “You... - Oficla trojan found in emails with subject “Please look my CV. Thank you.”
MX Lab started to intercept emails with the subject “Please look my CV. Thank you.” with the trojan Gen:Variant.Bredo.4 (Bitdefender, F-Secure), TrojanDropper:Win32/Oficla.G (Microsoft), T... - Trojan attached to “Scan from a Xerox WorkCentre” messages
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Scan from a Xerox WorkCentre P9275821″.
The email is send from the spoofed ... - New Oficla trojan in messages with subject “Changelog 07.06.2010″
MX Lab intercepted a new variant of the trojan Oficla in messages with the subject “Changelog 07.06.2010″. The from address is spoofed and choosen randomly.
Some samples of the email body:... - Emails with the subject “UPS INVOICE NR9094991″ and “Delivery Problem NR2204780″ contains trojan
A combination of the “Thank you for buying iTunes Gift Certificate!” and the latest UPS related emails with subjects like “UPS INVOICE NR9094991″ or ”Delivery Problem NR... - Sasfis trojan present in emails with subject Statement of fees 2009/2010
MX Lab intercepted messages with the subject “Statement of fees 2009/2010″ that contains the Sasfis trojan attached in a ZIP archive. The email is send from various spoofed email addresses... - Canadian Pharmacy pops up in emails from Facebook with subject “Welcome to Facebook Goods”
MX Lab, http://www.mxlab.eu, started to intercept a new spam campaign, since yesterday, by email with the subject “Welcome to Facebook Goods”. These messages are sent from the spoofed emai... - More interesting things…Mac version of Koobface trojan
Hi folks,
As the title says, there are many more interesting things today.
Firstly, there's evidently a Mac version of the Koobface trojan circulating. Readers of this blog will recall that I have o... - UPS Spam Mail
Emsisoft Labs are always on the lookout for something out of the ordinary happening, and we recently came across a circulation of spam portraying as fake FedEx Emails. Emsisoft Anti-Malware will det...
Posted on 20 August 2010. Tags: “Scan, emails, Oficla, Pro”, subject, Trojan, Version, WorkCentre, Xerox
