
Malicious email alert: "Scanned Image from a Xerox WorkCentre"

STEAM-ADVISORY NO. 20131023012
PURDUE UNIVERSITY SECURITY STEAM-CIRT
Wednesday, October 23, 2013 13:15:00 EDT

==OVERVIEW==

Email containing a malicious .zip attachment that holds an .exe
application file. The application is suspected to contain
Cryptoware/Ransomware.

==SYSTEMS AFFECTED==

Purdue users, mostly employees, are being targeted. The malware is
aimed at Windows systems.

==DETAILS==

Another instance of spam emails containing malware-infected .zip
attachments has recently been distributed amongst Purdue users.

The attachment name is Scan_[random number].
The subject is "Scanned Image from a Xerox WorkCentre."
The sender is spoofing a Purdue address of Xerox.Device9@purdue.edu.

If you have received this email, please ignore and delete it.
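
For mail administrators, the indicators listed above can be checked
against stored messages. The script below is an added example, not part
of the original advisory or any Purdue tooling. It assumes the "random
number" in the attachment name is decimal digits with an optional .zip
extension; the sample message is constructed and holds placeholder bytes.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory text, compared case-insensitively.
SUBJECT = "scanned image from a xerox workcentre"
SENDER = "xerox.device9@purdue.edu"
# Assumption: "Scan_[random number]" means Scan_ plus digits, optional .zip.
ATTACH_RE = re.compile(r"^scan_\d+(\.zip)?$", re.I)

def zip_has_exe(data):
    """True if the bytes are a zip archive holding at least one .exe member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw_bytes):
    """Return the advisory indicators matched by one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SUBJECT in str(msg["Subject"] or "").lower():
        hits.append("subject")
    if SENDER in str(msg["From"] or "").lower():
        hits.append("sender")
    for part in msg.iter_attachments():
        if ATTACH_RE.match(part.get_filename() or ""):
            hits.append("attachment-name")
        # Inspect the archive listing only; nothing is extracted or executed.
        if zip_has_exe(part.get_payload(decode=True) or b""):
            hits.append("zip-contains-exe")
    return hits

def build_sample(subject, sender, filename, member):
    """Constructed test message; the zip member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.edu"
    m.set_content("Please open the attached document.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Scanned Image from a Xerox WorkCentre",
          "Xerox.Device9@purdue.edu", "Scan_48213.zip", "Scan_48213.exe")))
```

Because the sender address is spoofed and the attachment number varies,
treat the zip-contains-exe hit as the strongest of the four signals.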

==SOLUTIONS==

A sample of the malware was sent to McAfee. They provided us with an
Extra.DAT file which has been pushed out via ePO.

Ignore or delete the email. If any user has taken any action to open
the contents of the attachment, assume the machine is compromised and
disconnect it from the network. Please contact us if that user has
access to any sensitive or restricted data. If not, please reimage
their workstation and have the user reset their password and challenge
questions.

==FURTHER INFORMATION AND RESOURCES==

w w w.purdue.edu/securePurdue/news/2013/recent-spam-emails-containing-malware-loaded-attachements.cfm
(remove spaces from links)

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to STEAM-CIRT:
w w w.purdue.edu/securePurdue/incidentReportForm.cfm
w w w.purdue.edu/securepurdue/steam
(remove spaces from links)

Posted by ITSP on October 23, 2013, in Advisory Alerts.