Debunking email hoaxes and exposing Internet scams since 2003!


Scan From Xerox WorkCentre Pro Malware Emails

A Hoax-Slayer Nutshell

Published on 18th July 2010 by Brett M. Christensen

Some of my email accounts have been receiving emails that claim to have an attached document that "was scanned and sent to you using a Xerox WorkCentre Pro". The message includes other data that supposedly provides more information about the attachment and the device that created it.

However, the .zip file attachment actually contains malware that has been identified by email security firm MX Lab as a variant of the Oficla trojan. Once installed, this malware can secretly connect to a remote server, download further malware components and add the compromised machine to a botnet.

The technical-sounding information included in the malware emails is apparently intended to fool recipients into believing that the attachment is a legitimate document. Of course, the bogus messages have no connection to Xerox or its products. The spammers responsible for the attack have apparently copied the typical email template used by Xerox WorkCentre Pro scanners for use in their malware emails.

An example of one of the malware emails:

Subject: Scan from a Xerox WorkCentre Pro N 2989630

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]

WorkCentre Pro Location: machine location not set
Device Name: XRX9810AA7ACDB43392000
For more information on Xerox products and solutions, please visit
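
As an added illustration (not part of the original article), here is a mail-triage check built from the sample message above. It flags messages whose subject or body matches the lure wording and lists the names inside any attached zip without extracting it. The risky-extension list, the attachment filename and the archive member name are assumptions constructed for the example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject and body phrase taken from the sample message on this page.
LURE_SUBJECT = re.compile(r"scan from a xerox workcentre pro", re.I)
LURE_BODY = "scanned and sent to you using a xerox workcentre pro"
# Assumption: extensions treated as executable; tune for your environment.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")


def triage(raw: bytes) -> dict:
    """Return lure/attachment findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    lure = bool(LURE_SUBJECT.search(msg["Subject"] or "")) or LURE_BODY in text
    result = {"lure": lure, "zip_members": [], "risky_members": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Trust the content (zip magic bytes), not only the declared filename.
        if not (name.endswith(".zip") or data.startswith(b"PK\x03\x04")):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # names only; nothing is extracted
        except zipfile.BadZipFile:
            members = ["<unreadable zip>"]
        result["zip_members"] += members
        result["risky_members"] += [m for m in members if m.lower().endswith(RISKY_EXT)]
    result["quarantine"] = result["lure"] and bool(result["zip_members"])
    return result


def build_sample() -> bytes:
    """Constructed test message: the page's subject/body plus a harmless zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.exe", b"constructed placeholder, not malware")
    m = EmailMessage()
    m["Subject"] = "Scan from a Xerox WorkCentre Pro N 2989630"
    m.set_content("Please open the attached document. It was scanned and sent "
                  "to you using a Xerox WorkCentre Pro.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Xerox_doc.zip")  # constructed filename
    return m.as_bytes()
```

Calling `triage(build_sample())` reports the lure match and the archive member names, which is enough to hold the message for review before anyone opens the attachment.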

More Information:
Oficla trojan in emails with subject “Scan from a Xerox WorkCentre Pro”
Fake Xerox WorkCentre Pro Scans Hide Trojan
