Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?

Filed Under: Featured, Malware, Spam

HP ScanJet printerComputer users are being warned to be on their guard, after cybercriminals spammed out an attack posing as emails from Hewlett-Packard ScanJet printers.

If you work in a business environment, you might well be used to receiving dull-looking emails from printers and scanners in your workplace containing attachments of the scan that the device has just completed.

And that's precisely the disguise that malicious hackers can use to infect your computer with a Trojan horse.

We've talked about these type of attacks several times before, but in the past the danger has typically arrived in the form of an email attachment posing as, say, a PDF of the scan.

In this latest attack, users are tricked into clicking on a link in the message which redirects users to a website harbouring malware.

Example of malicious email

In this particular case, clicking on the link leads unsuspecting computer users to a Russian webpage. Sophos products block the dangerous page as Mal/ExpJS-N.

Of course, these particular emails do not come from a printer inside your enterprise - their headers have been forged to appear as if they have come from inside your organisation.

And, of course, this isn't HP's fault. There isn't really anything they can do to stop online scammers and criminals 'borrowing their brand' in this way.

As always, be very careful dealing with unsolicited emails and wary of clicking on unknown links - even if you do think at first that they could have been sent to you by one of the printers or photocopiers in your office building.

, , , , ,

You might like

6 Responses to Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?

  1. Ian Watkins · 381 days ago

    I also saw one purporting to be from an external fax-to-email service.

  2. Susanne Plaumann · 381 days ago

    I'vereceived such emails several times since November 2012, citing a XEROX scanner sending me a scanned image. Luckily my antivirus software detected them immediately as threats and deleted the attached files.

  3. Karen · 381 days ago

    Yup, I've been getting these messages all week and been deleting them, but I just went and cleared out my deleted items folder. Thanks for the heads up!

  4. Karl Puder · 381 days ago

    Actually, because many (HP and others) printers are left with their default passwords and telnet access active, it's quite possible that these emails *are* coming from the printer, with malware in the attachment. I haven't seen a proven instance of this yet, but it's only a matter of time.

    • Hugh Duffy · 380 days ago

      Karl, you are l absolutely right. Steve Gibson reported on the Telnet apocalypse in a recent podcast of Security Now. If you go to Gibson's web site (GRC.com) and use his Shield Up service, you can check for open ports, including the telnet port.

  5. Keith · 381 days ago

    Seen similar from Xerox Copier... on our system

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.