Computer users are being warned to be on their guard, after cybercriminals spammed out an attack posing as emails from Hewlett-Packard ScanJet printers.
If you work in a business environment, you might well be used to receiving dull-looking emails from printers and scanners in your workplace containing attachments of the scan that the device has just completed.
And that’s precisely the disguise that malicious hackers can use to infect your computer with a Trojan horse.
We’ve talked about these types of attacks several times before, but in the past the danger has typically arrived in the form of an email attachment posing as, say, a PDF of the scan.
In this latest attack, users are tricked into clicking on a link in the message, which redirects them to a website harbouring malware.
In this particular case, clicking on the link leads unsuspecting computer users to a Russian webpage. Sophos products block the dangerous page as Mal/ExpJS-N.
Of course, these particular emails do not come from a printer inside your enterprise – their headers have been forged to appear as if they have come from inside your organisation.
And, of course, this isn’t HP’s fault. There isn’t really anything they can do to stop online scammers and criminals ‘borrowing their brand’ in this way.
As always, be very careful dealing with unsolicited emails and wary of clicking on unknown links – even if you do think at first that they could have been sent to you by one of the printers or photocopiers in your office building.
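The two traits described above (a sender address forged to look internal, and a link where a real scan would be attached) can be checked at the mail gateway for messages that present themselves as scan notifications. The following is an added example, not code from the original article or from Sophos; the domain, address ranges, function names and sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Assumed site values: replace with your own mail domain and address ranges.
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample of the lure described above (not a captured message).
FORGED_SAMPLE = (
    "Received: from mail.sender.invalid (unknown [203.0.113.45]) by mx.example.com\n"
    'From: "HP ScanJet" <scanjet@example.com>\n'
    "Subject: Scan from a Hewlett-Packard ScanJet\n"
    "Content-Type: text/plain\n\n"
    "A document was scanned and sent to you: http://scan-host.invalid/view.html\n"
)

def is_internal_host(host):
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def assess_scan_email(raw):
    """Return reasons a 'scanner' email looks forged (empty list if none)."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the top-most Received header (added by our own gateway) is trusted.
    received = msg.get_all("Received") or [""]
    hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    if sender_domain in INTERNAL_DOMAINS and hop:
        try:
            src = ip_address(hop.group(1))
        except ValueError:
            src = None
        if src and not any(src in net for net in INTERNAL_NETS):
            findings.append(f"internal From domain, delivered by external host {src}")
    # A genuine scan-to-email job carries an attachment, not an outside link.
    parts = list(msg.walk())
    has_attachment = any(p.get_filename() for p in parts)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in parts if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname.lower()
             for u in re.findall(r"https?://[^\s\"'<>]+", body)
             if urlparse(u).hostname}
    if not has_attachment:
        findings += [f"no attachment, link to external host {h}"
                     for h in sorted(hosts) if not is_internal_host(h)]
    return findings
```

A message that trips both checks is a good candidate for quarantine rather than delivery; either check alone is weaker evidence.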
6 comments on “Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?”
I also saw one purporting to be from an external fax-to-email service.
I've received such emails several times since November 2012, citing a XEROX scanner sending me a scanned image. Luckily my antivirus software detected them immediately as threats and deleted the attached files.
Yup, I've been getting these messages all week and been deleting them, but I just went and cleared out my deleted items folder. Thanks for the heads up!
Actually, because many (HP and others) printers are left with their default passwords and telnet access active, it's quite possible that these emails *are* coming from the printer, with malware in the attachment. I haven't seen a proven instance of this yet, but it's only a matter of time.
Karl, you are absolutely right. Steve Gibson reported on the Telnet apocalypse in a recent podcast of Security Now. If you go to Gibson’s web site (GRC.com) and use his Shield Up service, you can check for open ports, including the telnet port.
Seen similar from Xerox Copier… on our system