Evil Printers Sending Mail
A reader reported receiving the following e-mail (modified to anonymize):
From; support@example.com
To: iscreader@example.com
Subject: Fwd: Scan from a HP Officejet #123456
A document was scanned and sent
to you using a Hewlett-Packard HP Officejet 28628D
Sent by: FIRSTNAME
Images: 4
Attachment Type: Image (.jpg) Download
I do not have a printer like this, but it is possible that a multifunction device will send scanned documents as an e-mail in this form. In this case, the links, which I simulated above using a blue underlined font, both lead to a now defunct URL: http://freebooksdfl (dot) info/main.php . The domain is marked as "suspended for spam or abuse" in whois. One of our handlers reports seeing similar e-mail but not being able to capture any of the content on related links so far.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
