The Latest in IT Security

“Scan from a Hewlett-Packard ScanJet” spam 6/4/12

06
Apr
2012

Another fake HP scan spam email leading to malware. This one follows the new technique of putting a malicious HTML (HP_Scan.htm) file inside a ZIP file to reduce the risk of it being blocked, and then it has multiple payload sites to try to get a higher infection rate. Nasty.

Date:      Fri, 6 Apr 2012 08:29:34 +0200
From:      “Hewlett-Packard Officejet 70419A” [[email protected]]
Subject:      Scan from a Hewlett-Packard ScanJet #02437326
Attachments:     HP_Document-12-Z1380.zip

Attached document was scanned and sent

to you using a Hewlett-Packard HP Officejet 45211A.

Sent by: MILLIE
Images : 7
Attachment Type: ZIP [DOC]

Hewlett-Packard Officejet Location: machine location not set
Device: OFC347AA3BSX37057762

The payload can be found at:
hxxp://211.44.250.173:8080/navigator/jueoaritjuir.php
hxxp://62.85.27.129:8080/navigator/jueoaritjuir.php
hxxp://219.94.194.138:8080/navigator/jueoaritjuir.php
hxxp://78.83.233.242:8080/navigator/jueoaritjuir.php
..the IP address can also be found in this attack.

A Wepawet report can be found here.  Anti-virus detection is pretty poor at the moment.

The bad guys certainly seem to have found a way to bring more machines into contact with this malware. Take care!

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments