
Wednesday, 28 March 2012

"Scan from a Hewlett-Packard ScanJet" with zip attachment / superproomgh.ru

This fake HP email has a ZIP attachment, containing an HTML file that leads to malware. The ZIP format is presumably being used to get past virus scanners.

Subject: Re:  Scan from a Hewlett-Packard ScanJet 20382282 

Attached document was scanned and sent
to you using a Hewlett-Packard NetJet 280904SL.

FILETYPE: .HTM [Internet Explorer File]
(See attached file: HP_Jet_27_P683.zip)

The HTML file leads to malware at superproomgh.ru:8080/navigator/jueoaritjuir.php (report here) which is multihomed on the following IPs: (Neotel Pty, South Africa) (ChinaNet Hunan, China) (Microlink, Latvia) (Spectrum Net JSC, Bulgaria) (Bharti Infotel Ltd, India) (Ministry of Education, Thailand) (Satata Neka Tama, Indonesia) (Commission For Science And Technology, Pakistan) (Commission For Science And Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband Co Ltd, Korea) (Sakura Internet, Japan)
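A mail-gateway check for the pattern described above, as an added example that is not part of the original post: it opens ZIP attachments, reports any HTML member, and lists URLs inside it that use an explicit non-standard port (as the `:8080` link here does). The sample message, file names and `host.example` are constructed placeholders.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

HTML_EXT = (".htm", ".html")
# URL with an explicit port, e.g. http://host:8080/path
URL_WITH_PORT = re.compile(rb"https?://[^\s\"'<>/:]+:(\d+)[^\s\"'<>]*", re.I)

def inspect_message(raw: bytes) -> list[dict]:
    """Return one finding per HTML file found inside a ZIP attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(HTML_EXT):
                    continue
                if info.file_size > 1_000_000:  # skip oversized members
                    continue
                body = zf.read(info)
                urls = [m.group(0).decode("ascii", "replace")
                        for m in URL_WITH_PORT.finditer(body)
                        if m.group(1) not in (b"80", b"443")]
                findings.append({"attachment": name, "member": info.filename,
                                 "odd_port_urls": urls})
    return findings

def build_sample() -> bytes:
    """Constructed test message: a ZIP holding one HTML file (placeholder host)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.htm", '<a href="http://host.example:8080/x.php">scan</a>')
    msg = EmailMessage()
    msg["Subject"] = "Re: Scan (constructed sample)"
    msg.set_content("See attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

Encrypted ZIP members raise `RuntimeError` on read; a production filter would catch that and treat the attachment as uninspectable.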

Plain list for copy-and-pasting:
