Oh those cybercriminals are so tricky. They send a legitimate looking email with an attachment, and the Windows user caught off guard decides to download the attachment to see just what it is. As Dorothy Parker said, there's no cure for curiosity.
Sophos' blog Naked Security alerted readers to two such scams this week. One claims to contain an HP Officejet scan. See samples here.
Attached document was scanned and sent
to you using a Hewlett-Packard HP OfficeJet 81998A.
Sent by: BETTYANN
Images: 0
Attachment Type: .HTML [Internet Explorer]
HP Officejet Location: -
The names and numbers vary, and the attachment looks something like this:
HP_Document_02-22_OFCJET84014.htm
Again, the numbers will vary. But the attachment is an HTM document which contains a malicious script which will send the browser to another site which may contain more malware.
A similar malware scam is in the form of an email claiming to be about a Changelog. That one contains an HTM document, too.
Safest bet, don't download attachments with HTM suffixes.
Honestly it is hard to come across a worthy blog worth commenting on these days, the web is truly too flooded. Adore this post, adore your blog. Just thought i would let you know!
Posted by: Sereseada | May 26, 2012 at 12:21 PM