Spamvertised 'Scan from a HP OfficeJet' emails lead to exploits and malware

Security researchers from Sophos have intercepted a currently spamvertised malware campaign, enticing end and corporate users into downloading and viewing a malicious HTML file.

Sample subjects include:

  • Re: Fwd: Scan from a Hewlett-Packard Officejet 69087080
  • Fwd: Re: Scan from a HP Officejet #43384897
  • Fwd: Re: Scan from a Hewlett-Packard Officejet #1584730
  • Re: Scan from a Hewlett-Packard Officejet 1206754
  • Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #886303 1.2
  • Re: Fwd: Fwd: Scan from a HP Officejet #75709542
  • Fwd: Re: Fwd: Scan from a Hewlett-Packard Officejet #128469
  • Fwd: Re: Re: Scan from a Hewlett-Packard Officejet #662447
  • Re: Scan from a HP Officejet #49477094
  • Fwd: Fwd: Scan from a Hewlett-Packard Officejet #885932
  • Fwd: Fwd: Scan from a HP Officejet #09665907

Once the end user downloads and previews the malicious attachment, a script inside the HTML file will attempt to load client-side exploits from external compromised web sites.
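As an added example (not from Sophos or the original article), this Python mail-triage check combines the two signals described above: the subject shape from the sample list and an HTML attachment carrying script or iframe markup. The function names, attachment filename, message body and URL are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Subject shape in the sample list above: one or more Re:/Fwd: prefixes,
# the HP/Hewlett-Packard Officejet phrase, an optional '#', then a numeric id.
SUBJECT_RE = re.compile(
    r"^(?:(?:Re|Fwd):\s*)+Scan from a (?:HP|Hewlett-Packard) Officejet\s+#?\d+",
    re.IGNORECASE,
)
# Tags in an HTML attachment that can pull content from another site.
ACTIVE_HTML_RE = re.compile(rb"<\s*(?:script|iframe)\b", re.IGNORECASE)

def subject_matches(subject):
    return bool(SUBJECT_RE.match(str(subject).strip()))

def active_html_attachments(msg):
    """Return filenames of HTML attachments containing script/iframe tags."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".htm", ".html")))
        body = part.get_payload(decode=True) or b""
        if is_html and ACTIVE_HTML_RE.search(body):
            hits.append(name)
    return hits

def triage(msg):
    """Quarantine when both signals agree; send to review on either alone."""
    by_subject = subject_matches(msg.get("Subject", ""))
    by_attachment = bool(active_html_attachments(msg))
    if by_subject and by_attachment:
        return "quarantine"
    return "review" if (by_subject or by_attachment) else "pass"

def build_message(subject, html=None):
    """Constructed test message; the attachment name and body are made up."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Attached document was scanned and sent to you.")
    if html is not None:
        msg.add_attachment(html, subtype="html", filename="scan.htm")
    return msg

if __name__ == "__main__":
    html = '<html><script src="http://site.example.invalid/x.js"></script></html>'
    print(triage(build_message("Fwd: Re: Scan from a HP Officejet #43384897", html)))
```

The subject rule is keyed only to the samples listed in this article, so it is a campaign-specific signal; the attachment check is the more general of the two.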

End and corporate users are advised to report the emails as spam/malicious and avoid interacting with the content of the email messages.