SophosLabs is intercepting a widespread criminal campaign to infect innocent users’ computers. The attack has been spammed out widely, pretending to be an email containing a scan from an HP OfficeJet printer.
The precise wording used in the dangerous emails’ subject lines, message body and attachment names can vary – but here are some examples:
You will get an idea about some of the variations from the following randomly selected examples:
| Subject | Attached filename |
| Re: Fwd: Scan from a Hewlett-Packard Officejet 69087080 | HP_Document_02-22_OFCJET99677.htm |
| Fwd: Re: Scan from a HP Officejet #43384897 | HP_Scan_02-22_OFCJET67245.htm |
| Fwd: Re: Scan from a Hewlett-Packard Officejet #1584730 | HP_Scan_02-22_OFCJET67107.htm |
| Re: Scan from a Hewlett-Packard Officejet 1206754 | HP_Document_02-22_OFCJET94399.htm |
| Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #886303 1.2 | HP_Scan_02-23_OFCJET15517.htm |
| Re: Fwd: Fwd: Scan from a HP Officejet #75709542 | HP_Scan_02-22_OFCJET53685.htm |
| Fwd: Re: Fwd: Scan from a Hewlett-Packard Officejet #128469 | HP_Officejet_02-23_OFCJET71498.htm |
| Fwd: Re: Re: Scan from a Hewlett-Packard Officejet #662447 | HP_Scan_02-23_OFCJET99544.htm |
| Re: Scan from a HP Officejet #49477094 | HP_Officejet_02-22_OFCJET43520.htm |
| Fwd: Fwd: Scan from a Hewlett-Packard Officejet #885932 | HP_Document_02-23_OFCJET29774.htm |
| Fwd: Fwd: Scan from a HP Officejet #09665907 | HP_Document_02-22_OFCJET84014.htm |
Sophos security products detect the attached files as Mal/Iframe-W, and just as with yesterday’s “Changelog” malware attack, a malicious script inside the HTM file is designed to make your browser visit third-party sites which may contain further malicious and exploit code.
Attacks which cloak their true intentions by posing as a emailed scan from a printer are nothing new, and in the past have helped cybercriminals infect computers with Java and Adobe exploits.
Computer users need to learn to be wary of unsolicited attachments, and not blindly click on something just because it pretends to be an official communication.
Up-to-date anti-virus and anti-spam protection is a good defence. But remember to augment it with a good serving of common sense too in order to reduce the chances of an attack being successful.
Leave a reply
