Scammers masquerade as printers

September 28, 2011

Emails that purport to originate from printers are hackers’ latest methodology.

Hackers are now sending malicious emails that identify as originating from printers as a new method of implanting Trojan downloaders, software that can be used to implant other malware onto computers or steal documents, PC World has reported.

Paul Wood, Senior Intelligence Analyst for Symantec.cloud, commented: “This is a new tactic we haven’t really seen before.”

Symantec published example emails collected in their monthly Intelligence Report, many featuring convincing details such as subject lines reading “FWD: Scan from a HP Officejet”, with the email reading “Attached document was scanned and sent to you using a Hewlett-Packard HP Officejet 05701J. Sent by Morton.”

Although the Trojan downloader is contained in a “.zip” file, most printers are unable to send such files, so the attachment is usually disguised with a false “.doc” or “.jpg” designation.

Security researcher Deral Heiland recently discussed the security issues printers and MFPs presented at the DefCon 19 Conference. Heiland highlighted basic coding flaws in HP, Canon, Sharp and Ricoh printers.