Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a scanned document from a Xerox WorkCentre device. The text in the e-mail message attempts to convince the recipient to open the attachment and view the document. However, the .zip attachment could contain a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5698) may contain the following files:
Xerox_Scan_04-03-2013.exe
Xerox_Scan_04-03-2013-3768145.zip
The Xerox_Scan_04-03-2013.exe file in the Xerox_Scan_04-03-2013-3768145.zip attachment has a file size of 101,888 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x11F0039BB6DC794EC84FE8060F1F621A
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Scanned Image from a Xerox WorkCentre
Message Body:
Reply to: Xerox.WorkCentre@finaledgedev.com
Device Name: Not Set
Device Model: Scab-2931N
Location: Not Set
File Format: PDF (Medium)
File Name: Xerox_Scan_04-03-2013-3768145.zip
Resolution: 200dpi x 200dpi
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
Soure: Cisco Systems