Malware: 'Scan from a HP OfficeJet' attack spammed out widely

by Graham Cluley on February 23, 2012 | Leave a comment

Filed Under: Featured, Malware, Spam

printerSophosLabs is intercepting a widespread criminal campaign to infect innocent users' computers. The attack has been spammed out widely, pretending to be an email containing a scan from an HP OfficeJet printer.

The precise wording used in the dangerous emails' subject lines, message body and attachment names can vary - but here are some examples:

Malicious emails

Malicious emails

You will get an idea about some of the variations from the following randomly selected examples:

Malicious emails

Subject Attached filename
Re: Fwd: Scan from a Hewlett-Packard Officejet 69087080 HP_Document_02-22_OFCJET99677.htm
Fwd: Re: Scan from a HP Officejet #43384897 HP_Scan_02-22_OFCJET67245.htm
Fwd: Re: Scan from a Hewlett-Packard Officejet #1584730 HP_Scan_02-22_OFCJET67107.htm
Re: Scan from a Hewlett-Packard Officejet 1206754 HP_Document_02-22_OFCJET94399.htm
Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #886303 1.2 HP_Scan_02-23_OFCJET15517.htm
Re: Fwd: Fwd: Scan from a HP Officejet #75709542 HP_Scan_02-22_OFCJET53685.htm
Fwd: Re: Fwd: Scan from a Hewlett-Packard Officejet #128469 HP_Officejet_02-23_OFCJET71498.htm
Fwd: Re: Re: Scan from a Hewlett-Packard Officejet #662447 HP_Scan_02-23_OFCJET99544.htm
Re: Scan from a HP Officejet #49477094 HP_Officejet_02-22_OFCJET43520.htm
Fwd: Fwd: Scan from a Hewlett-Packard Officejet #885932 HP_Document_02-23_OFCJET29774.htm
Fwd: Fwd: Scan from a HP Officejet #09665907 HP_Document_02-22_OFCJET84014.htm

Sophos security products detect the attached files as Mal/Iframe-W, and just as with yesterday's "Changelog" malware attack, a malicious script inside the HTM file is designed to make your browser visit third-party sites which may contain further malicious and exploit code.

Attacks which cloak their true intentions by posing as an emailed scan from a printer are nothing new, and in the past have helped cybercriminals infect computers with Java and Adobe exploits.

Computer users need to learn to be wary of unsolicited attachments, and not blindly click on something just because it pretends to be an official communication.

Up-to-date anti-virus and anti-spam protection is a good defence. But remember to augment it with a good serving of common sense too in order to reduce the chances of an attack being successful.

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.