Malware attack spread as email from your office’s HP scanner

Scanner. Image from ShutterstockIn these high-tech times, scanners and photocopiers aren’t just dumb machines sitting in the corner of the office.

They are usually connected to the corporate network, and – in some cases – can even email you at your desk to save you having to wear out your shoe leather.

And it’s precisely this functionality that we have seen cybercriminals exploiting today, pretending that their malicious emails in fact come from an HP scanner inside your organisation.

Here’s a typical example of the emails we have been intercepting at SophosLabs:

Sign up to our free newsletter.
Security news, advice, and tips.

Example of malicious email

Subject: Re: Scan from a Hewlett-Packard ScanJet 4952740

Message body:
Attached document was scanned and sent to you using a Hewlett-Packard I-56919SL.

SENT BY: SHERRIL
PAGES: 7
FILETYPE: .DOC [Word2003 File]

As you’ll see in the next example, the precise wording (the names and numbers used) can vary from email to email. But each of the emails has the same file attached – HP_Document.zip.

Example of malicious email

So, what’s in the ZIP file?

hp_page-1-19_24.07.2012.exe

Clearly that’s not a scanned-in image – it’s executable code.

In fact, it’s a Trojan horse called Troj/Agent-XDD, capable of infecting your Windows PC and putting your computer data at risk.

Here’s a list of some of the different subject lines we saw in this spammed-out malware campaign, in the just the course of a few seconds:

Some subject lines used by malicious email

We’ve seen malware spread as scans from HP devices in the past, but there has been a notable wave of malicious code spammed out using the disguise today – so be on your guard.

If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a scanned-in document to be sent to you. Instead, simply delete the email and your computer will be safe.

Scanner image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.