The Latest in IT Security

“Scan from a Hewlett-Packard ScanJet” spam 6/4/12

06
Apr
2012

Another fake HP scan spam email leading to malware. This one follows the new technique of putting a malicious HTML (HP_Scan.htm) file inside a ZIP file to reduce the risk of it being blocked, and then it has multiple payload sites to try to get a higher infection rate. Nasty.

Date:      Fri, 6 Apr 2012 08:29:34 +0200
From:      “Hewlett-Packard Officejet 70419A” [[email protected]]
Subject:      Scan from a Hewlett-Packard ScanJet #02437326
Attachments:     HP_Document-12-Z1380.zip

Attached document was scanned and sent

to you using a Hewlett-Packard HP Officejet 45211A.

Sent by: MILLIE
Images : 7
Attachment Type: ZIP [DOC]

Hewlett-Packard Officejet Location: machine location not set
Device: OFC347AA3BSX37057762

The payload can be found at:
hxxp://211.44.250.173:8080/navigator/jueoaritjuir.php
hxxp://62.85.27.129:8080/navigator/jueoaritjuir.php
hxxp://219.94.194.138:8080/navigator/jueoaritjuir.php
hxxp://78.83.233.242:8080/navigator/jueoaritjuir.php
..the IP address can also be found in this attack.

A Wepawet report can be found here.  Anti-virus detection is pretty poor at the moment.

The bad guys certainly seem to have found a way to bring more machines into contact with this malware. Take care!

Leave a reply


Categories

SATURDAY, JUNE 23, 2018

Featured

Archives

Latest Comments

Social Networks