Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


‘HP OfficeJet Printer Scan’ Bulk E-mails Result in Malware Infection

SophosLabs is monitoring one fake e-mail scam that's profusely infecting the PCs of unwitting end-users. The attack, which's getting extensively spammed, poses as a message carrying a particular scan that one HP OfficeJet printer performed. NakedSecurity published this dated February 23, 2012.

Displaying a caption, "Scan from a HP OfficeJet #43384897," the dangerous electronic mail refers to an attached document that after being scanned with a Hewlett-Packard HP OfficeJet 81998A has been dispatched to the recipient and as an .HTML attachment from "BETTYANN."

But the HTML file-attachment contains one malevolent code, which compels the user for visiting intermediate websites possibly containing malware and/or attack-code. Moreover, soon as this file-attachment is opened, the mentioned code tries installing client-side exploits so as to benefit externally-running hijacked sites.

Senior Researcher Graham Cluley at Sophos points out that it isn't anything new to have assaults that disguise their actual purpose via pretending to be an e-mail providing a printer-operated scan, while such assaults have previously assisted online-crooks to contaminate PCs with Adobe/Java attack codes. Help Net Security published this on February 24, 2012.

Meanwhile, the malicious file within the attachment, according to Sophos researchers, has been identified as Mal/Iframe-W.

Nonetheless, it isn't new that HP-printers are propagating malicious software. During November 2011, security investigators at Columbia University discovered one vital core flaw within particular HP-printers in a network, which allowed an external system gain access to print jobs; insert malware from the remote, inside the firmware of the printer, which compromised the machine. According to them, the Hewlett-Packard LaserJets skipped examining the presence of digital signatures towards the confirmation of the updates' authenticity. Consequently, a remote cyber-criminal could acquire admission into an organization's network via the dispatch of a print task laden with malware to an Internet linked printer.

Conclusively, security specialists advise that PC-operators require being aware about uninvited e-mail attachments, while being extra cautious of clicking anything merely for the reason it appears as one official message. Further, anti-spam and anti-virus software should be kept up-to-date. Above all, users require applying common sense so the possibilities of letting an assault turn out effective are minimized, add the specialists.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 01-03-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.
To reward your interest, we would like to offer you any of our award-winning products
at the price $19.95. Pick your own favorites.

Go back to previous page