Malware attack spread as email from your office’s HP scanner

For those on our Security Alert and Update list we just emailed an article by Graham Cluley on how a malware attack spread as email from your office’s HP scanner, yes that’s right a scanner!
In these high-tech times, scanners and photocopiers aren’t just dumb machines sitting in the corner of the office.  They are usually connected to the corporate network, and – in some cases – can even email you at your desk to save you having to wear out your shoe leather.
And it’s precisely this functionality that we have seen cybercriminals exploiting today, pretending that their malicious emails in fact come from an HP scanner inside your organization.
Here’s a typical example of the emails we have been intercepting:

Subject: Re: Scan from a Hewlett-Packard ScanJet 4952740
Message body:
Attached document was scanned and sent to you using a Hewlett-Packard I-56919SL.
SENT BY: SHERRIL
PAGES: 7
FILETYPE: .DOC [Word2003 File]
As you’ll see in the next example, the precise wording (the names and numbers used) can vary from email to email. But each of the emails has the same file attached – HP_Document.zip.

So, what’s in the ZIP file?
hp_page-1-19_24.07.2012.exe
Clearly that’s not a scanned-in image – it’s executable code.
In fact, it’s a Trojan horse called Troj/Agent-XDD, capable of infecting your Windows PC and putting your computer data at risk.
Here’s a list of some of the different subject lines we saw in this spammed-out malware campaign, in the just the course of a few seconds:

We’ve seen malware spread as scans from HP devices in the past, but there has been a notable wave of malicious code spammed out using the disguise today – so be on your guard.
If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a scanned-in document to be sent to you. Instead, simply delete the email and your computer will be safe.