The Latest in IT Security

“Scan from a Xerox WorkCentre Pro #25825448” spam


Another malicious HTML-in-ZIP attack, this time leading to malware on

From: ROSALBA Poe [mailto:[email protected]]
Sent: 28 March 2012 19:34
Subject: Scan from a Xerox WorkCentre Pro #25825448

Please open the attached document. It was scanned and sent

to you using a Xerox Center Pro .
Sent by: Guest
Number of Images: 8
Attachment File Type: .HTML

Device Name: XR550PDD9SM84547752

In the ZIP is an HTML file called Invoice_NO_Mailen.htm which contains obfuscated JavaScript leading to a malware site on (report here). This is hosted on a similar set of IPs to this attack yesterday.

(AfricaINX, South Africa)
(Neotel Pty, South Africa)
(ChinaNet Hunan, China)
(Microlink, Latvia)
(Spectrum Net JSC, Bulgaria)
(Bharti Infotel Ltd, India)
(Ardh Global, Indonesia)
(Ministry of Education, Thailand)
(Satata Neka Tama, Indonesia)
(Commission For Science And Technology, Pakistan)
(Commission For Science And Technology, Pakistan)
(Sejong Telecom, Korea)
(SK Broadband Co Ltd, Korea)
(Psychz Networks, US)
(Sakura Internet, Japan)
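A mail-gateway style check for this pattern (an HTML file inside a ZIP attachment carrying obfuscated script), added here as an example and not taken from the original post. The heuristics, size limit and function names are assumptions chosen for illustration, and the sample archive is constructed and inert; only the file name Invoice_NO_Mailen.htm comes from the post.

```python
import io
import re
import zipfile

# Assumed heuristics (not from the original post): constructs often seen in
# obfuscated script loaders. Tune against your own mail flow before enforcing.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode", re.I),
    "long_numeric_array": re.compile(r"(?:\d{1,3}\s*,\s*){40,}"),
    "long_encoded_string": re.compile(r"[\"'][A-Za-z0-9%+/=\\]{200,}[\"']"),
}
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
HTML_EXT = (".htm", ".html")
MAX_MEMBER = 2 * 1024 * 1024  # skip members whose declared size exceeds this


def scan_zip_attachment(data: bytes) -> dict:
    """Return {member_name: [indicator, ...]} for HTML members with suspicious script."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(HTML_EXT):
                continue
            if info.file_size > MAX_MEMBER:
                findings[info.filename] = ["oversized_member"]
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            scripts = "\n".join(SCRIPT.findall(text))
            hits = sorted(n for n, rx in SUSPICIOUS.items() if rx.search(scripts))
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: the encoded text only assigns document.title."""
    codes = ",".join(str(ord(c)) for c in "document.title='constructed sample';" * 2)
    html = f"<html><body><script>eval(String.fromCharCode({codes}))</script></body></html>"
    benign = "<html><body><script>var total = 1 + 2;</script></body></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_NO_Mailen.htm", html)  # file name taken from the post
        zf.writestr("readme.html", benign)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip_attachment(build_sample()))
```

A hit is a triage signal, not a verdict: legitimate pages also use these constructs, so the reasonable action is to quarantine the attachment for review.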

Plain list for copy-and-pasting:
