Malicious email alert: "Scanned Image from a Xerox WorkCentre"

STEAM-ADVISORY NO. 20131023012
Wednesday, October 23, 2013 13:15:00 EDT


Email containing malicious .zip attachment with .exe application file.
The application is suspected to contain Cryptoware/Ransomware.


Purdue users; the emails are mostly targeted at employees. The malware
is aimed at Windows systems.


Another instance of spam emails containing malware-infected .zip
attachments has recently been distributed among Purdue users.

The attachment name is Scan_[random number].
The subject is "Scanned Image from a Xerox WorkCentre."
The sender is spoofing a Purdue address of

If you have received this email, please ignore and delete.
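
The following mail-filter check is an added example, not part of the
original advisory or any Purdue tooling. It flags a message only when
the subject matches and a Scan_[number] zip attachment lists a .exe
member. The regex, function names and sample addresses are assumptions.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

SUBJECT = "scanned image from a xerox workcentre"
# Advisory gives the name as Scan_[random number]; the digit pattern and
# optional .zip suffix are assumptions about how the name actually appears.
ATTACH_RE = re.compile(r"^scan_\d+(\.zip)?$", re.IGNORECASE)


def zip_has_exe(data: bytes) -> bool:
    """True if the bytes are a zip archive that lists a .exe member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def matches_advisory(raw: bytes) -> bool:
    """Flag a message with the advisory subject and a Scan_<n> zip holding a .exe."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().rstrip(".").lower()
    if subject != SUBJECT:
        return False
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name) and zip_has_exe(part.get_payload(decode=True) or b""):
            return True
    return False


def build_sample(subject: str, filename: str, member: str) -> bytes:
    """Constructed test message; the zip member holds harmless text bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please open the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

Archive member names are read from the zip directory without extracting
or executing anything, so the check is safe to run on quarantined mail.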


A sample of the malware was sent to McAfee. They provided us with an
Extra.DAT file which has been pushed out via ePO.

Ignore or delete the email. If any user has taken any action to open
the contents of the attachment, assume the machine is compromised and
disconnect it from the network. Please contact us if that user has
access to any sensitive or restricted data. If not, please reimage
their workstation and have the user reset their password and challenge




For questions concerning this advisory, please send email to:

Report computer-related abuse to STEAM-CIRT:

Posted by ITSP on October 23, 2013, in Advisory Alerts.
