Over the last couple of hours, cybercriminals have started spamvertising millions of emails pretending to be coming from HP ScanJet scanner, in an attempt to trick end and and corporate users into downloading and viewing the malicious .html attachment.
Upon viewing, the document loads the invisible iFrame script, ultimately redirecting the user to a landing URL courtesy of the Black Hole web malware exploitation kit.
The ongoing spam campaign is using both, zip attachments containing a malicious executable, and a malicious iFrame loading .html file. Let’s take a closer look at the dynamics behind the campaigns.
Scan from a Hewlett-Packard ScanJet #[random number]