Malware: 'Scan from a HP OfficeJet' attack spammed out widely

SophosLabs is intercepting a widespread criminal campaign to infect innocent users' computers. The attack has been spammed out widely, pretending to be an email containing a scan from an HP OfficeJet printer.

The precise wording used in the dangerous emails' subject lines, message body and attachment names can vary - but here are some examples:

Malicious emails

You will get an idea about some of the variations from the following randomly selected examples:

| Subject | Attached filename |
| --- | --- |
| Re: Fwd: Scan from a Hewlett-Packard Officejet 69087080 | HP_Document_02-22_OFCJET99677.htm |
| Fwd: Re: Scan from a HP Officejet #43384897 | HP_Scan_02-22_OFCJET67245.htm |
| Fwd: Re: Scan from a Hewlett-Packard Officejet #1584730 | HP_Scan_02-22_OFCJET67107.htm |
| Re: Scan from a Hewlett-Packard Officejet 1206754 | HP_Document_02-22_OFCJET94399.htm |
| Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #886303 1.2 | HP_Scan_02-23_OFCJET15517.htm |
| Re: Fwd: Fwd: Scan from a HP Officejet #75709542 | HP_Scan_02-22_OFCJET53685.htm |
| Fwd: Re: Fwd: Scan from a Hewlett-Packard Officejet #128469 | HP_Officejet_02-23_OFCJET71498.htm |
| Fwd: Re: Re: Scan from a Hewlett-Packard Officejet #662447 | HP_Scan_02-23_OFCJET99544.htm |
| Re: Scan from a HP Officejet #49477094 | HP_Officejet_02-22_OFCJET43520.htm |
| Fwd: Fwd: Scan from a Hewlett-Packard Officejet #885932 | HP_Document_02-23_OFCJET29774.htm |
| Fwd: Fwd: Scan from a HP Officejet #09665907 | HP_Document_02-22_OFCJET84014.htm |

Sophos security products detect the attached files as Mal/Iframe-W, and just as with yesterday's "Changelog" malware attack, a malicious script inside the HTM file is designed to make your browser visit third-party sites which may contain further malicious and exploit code.
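For mail administrators, a triage sketch based on the examples listed above (an added example, not Sophos detection logic): it flags messages whose subject or attachment name follows the listed pattern, and HTML attachments that carry script or iframe content. The regular expressions are generalised from the samples and are an assumption, since the article notes the wording can vary; the function names and the test messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Patterns generalised from the sample subjects and filenames listed above.
SUBJECT_RE = re.compile(
    r"^(?:(?:Re|Fwd):\s*)*Scan from a (?:HP|Hewlett-Packard) Officejet\b", re.I)
ATTACH_RE = re.compile(
    r"^HP_(?:Document|Scan|Officejet)_\d{2}-\d{2}_OFCJET\d+\.html?$", re.I)
# Active content in an HTML attachment: the article says a script in the
# HTM file sends the browser to third-party sites.
ACTIVE_RE = re.compile(rb"<\s*(?:script|iframe)\b", re.I)


def triage(msg):
    """Return the reasons (possibly none) a message resembles this campaign."""
    reasons = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and the multipart container have no filename
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        if name.lower().endswith((".htm", ".html")):
            body = part.get_payload(decode=True) or b""
            if ACTIVE_RE.search(body):
                reasons.append("active-html")
    return reasons


def build_sample(subject, filename, html):
    """Construct a test message in memory (not a captured email)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Constructed body text.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg


# Constructed samples: the first reuses a subject/filename pair from the list,
# with an inert placeholder script; the second is an unrelated HTML attachment.
SUSPECT = build_sample("Fwd: Re: Scan from a HP Officejet #43384897",
                       "HP_Scan_02-22_OFCJET67245.htm",
                       "<html><script>/* placeholder */</script></html>")
BENIGN = build_sample("Meeting notes", "notes.htm", "<html><p>Agenda</p></html>")

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(m["Subject"], "->", triage(m))
```

A message matching on name alone is worth quarantining for review; the active-content check is what separates a script-bearing HTML attachment from an inert one.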

Attacks which cloak their true intentions by posing as an emailed scan from a printer are nothing new, and in the past have helped cybercriminals infect computers with Java and Adobe exploits.

Computer users need to learn to be wary of unsolicited attachments, and not blindly click on something just because it pretends to be an official communication.

Up-to-date anti-virus and anti-spam protection is a good defence. But remember to augment it with a good serving of common sense too in order to reduce the chances of an attack being successful.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.