Fake “Scan from a HP OfficeJet” email lead to malware

A hot topic of the end of the month is the Fake “Scan from a HP OfficeJet” email lead to malware

In the last few weeks there has benn notifications going around about documents having been scanned and sent via a HP OfficeJet printer/scanner that are trying to mislead users again and trick them to open the attached HTML files:

This campaign is very spread, but the subject lines and the content of the emails, and also the name of the attached file, are continuously changed a little so that they can bypass spam filters.

The attached HTML files of the Fake “Scan from a HP OfficeJet” email lead to malware carry a malicious script that forces the victims’ browser to visit third-party sites likely laden with exploit code and/or malware.

“Attacks which cloak their true intentions by posing as a emailed scan from a printer are nothing new, and in the past have helped cybercriminals infect computers with Java and Adobe exploits,”points out Graham Clueley. “Computer users need to learn to be wary of unsolicited attachments, and not blindly click on something just because it pretends to be an official communication.”

The Fake “Scan from a HP OfficeJet” email lead to malware is only a small bit of the attacks that are currently roaming online.