Internet Security News & Views

Omniquad highlights new E-mail Scam – Don’t be scammed by your own scanner!

Omniquad’s technicians are warning about emails that appear to come from your own scanner or multipurpose printer. The emails were caught by the Mailwall Remote spam filter. At first the technicians took them for legitimate scanned documents, but the emails did not in fact contain any scanned documents, only links to sites containing malware.

The fake printer emails claim to have an attached document that comes from a Xerox WorkCentre or HP Office Jet printer.
The precise wording of the e-mail body and the attachment type and name vary from email to email, but they all claim to be a scan (or sometimes a forwarded scan) from a Xerox WorkCentre or HP Office Jet printer, to fool recipients into believing that the attachment is a legitimate document. These fake messages have no connection with Xerox or HP products.

However, the attachment is actually an HTML file, or an HTML file inside a ZIP archive, that leads to malware sites hosted on multiple IPs. The ZIP format is probably being used to dodge most spam filters.

To be precise, the HTML or ZIP attachment contains JavaScript which leads to malware sites and secretly downloads a Trojan and adds the compromised machine to a botnet. This Trojan may modify the system registry and file system. It may also attempt to download and install additional malware on the targeted system.
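A mail gateway or triage script can check for the attachment shape described above. The following is an added example, not Omniquad's or Mailwall's code: it unpacks each attachment, looks inside ZIP archives, and flags HTML that carries script or redirect markers. The function names, the size limit and the sample message (built inline with a placeholder `.invalid` host) are assumptions made for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

HTML_EXT = (".html", ".htm")
# Active content a genuine scan (PDF/TIFF/JPEG) has no reason to carry.
ACTIVE = re.compile(rb"<script\b|http-equiv\s*=\s*.?refresh|(window|document)\.location", re.I)
MAX_MEMBER = 1_000_000  # assumption: skip larger ZIP members (zip-bomb guard)

def html_payloads(name, data, depth=0):
    """Yield (path, bytes) for every HTML file, looking inside ZIP archives."""
    if name.lower().endswith(HTML_EXT):
        yield name, data
    elif depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    continue  # encrypted or oversized member: not inspected here
                yield from html_payloads(f"{name}!{info.filename}", zf.read(info), depth + 1)

def scan_message(msg):
    """Return [(attachment path, verdict)] for HTML attachments, zipped or not."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        for path, html in html_payloads(name, data):
            findings.append((path, "html+active" if ACTIVE.search(html) else "html"))
    return findings

def build_sample():
    """Constructed sample: fake 'scan' mail carrying HTML inside a ZIP, plus a PDF."""
    html = b"<html><script>window.location='http://malware.example.invalid:8080/x.php'</script></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_001.html", html)
    msg = EmailMessage()
    msg["From"] = "scanner@corp.example"
    msg["Subject"] = "Scan from a Xerox WorkCentre"
    msg.set_content("Please open the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Scan_001.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="real_scan.pdf")
    return msg

if __name__ == "__main__":
    for path, verdict in scan_message(build_sample()):
        print(f"{verdict:12} {path}")
```

Any HTML attachment on a message that claims to be a scan is worth quarantining, since scanners normally send PDF or image files; the `html+active` verdict marks the ones that also contain script or redirects.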

In light of this, it is important to be vigilant with emails that seem to come from a trusted source like your own scanner.

For information:

A few of the malware sites linked to are listed below.


Omniquad’s warning: Before opening any attachments, ensure that this is in fact a legitimate email from your scanner and not a scam email with malicious links.

-The Omniquad Team
