Date: Fri, 6 Apr 2012 08:29:34 +0200
From: "Hewlett-Packard Officejet 70419A" [JaysonGritten@estout.com]
Subject: Scan from a Hewlett-Packard ScanJet #02437326
Attachments: HP_Document-12-Z1380.zip
Attached document was scanned and sent
to you using a Hewlett-Packard HP Officejet 45211A.
Sent by: MILLIE
Images : 7
Attachment Type: ZIP [DOC]
Hewlett-Packard Officejet Location: machine location not set
Device: OFC347AA3BSX37057762
The payload can be found at:
hxxp://211.44.250.173:8080/navigator/jueoaritjuir.php
hxxp://62.85.27.129:8080/navigator/jueoaritjuir.php
hxxp://219.94.194.138:8080/navigator/jueoaritjuir.php
hxxp://78.83.233.242:8080/navigator/jueoaritjuir.php
..the IP address can also be found in this attack.
A Wepawet report can be found here. Anti-virus detection is pretty poor at the moment.
The bad guys certainly seem to have found a way to bring more machines into contact with this malware. Take care!