Thursday, May 19, 2016

HP Scanjet Virus / Scam / Malware

Today I got this scam email below. I Googled some of the text in the document and found this good article here about the dangers of opening the file that was sent to me:

Regarding the email that was sent to me, the 'from' address was:

Note: that is MY domain name, but they spoofed it so that it looks like it came from my server. It didn't. It really came from here: /   That's a Middle Eastern email provider.


Subject line:

Scan  #B545F39BB7_CA32312544


Body of message:

Scanner id: B545F39BB7_CA32312544
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #8901766876.#92274432.#0092133
File: MSG0008789308
To: [my email address]

Save time with fast scanning speeds and intuitive controls.
Set up quickly, using a single cable. Enjoy high-resolution
document detail. One-touch scan-to buttons let you start
working and sharing fast. Place this compact scanner almost


The attached malware file is named:


Here is the raw header:

Content-Type: multipart/mixed; boundary="------------039084853536147527459673"
Mime-Version: 1.0
X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
Received: from ( []) by with SMTP; Thu, 19 May 2016 08:50:53 -0400
X-Smartermail-Totalspamweight: 19
X-Ctch-Refid: str=0001.0A090203.573DB6A5.00EF,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
SPAM-MED:  Scan  #B545F39BB7_CA32312544
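
The verdict headers above already carry the evidence that the 'from' address was spoofed: SPF soft-failed, nothing was signed, and the sending IP is on two blocklists. The following is an added example, not part of the original post, that pulls those signals out of the quoted header. The token descriptions and the weight threshold of 10 are assumptions for illustration, not SmarterMail settings.

```python
from email import message_from_string

# Constructed sample: the scanner-verdict headers quoted above. The Received
# line is left out because its host names are missing on the page.
RAW_HEADER = (
    "Mime-Version: 1.0\n"
    "X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, "
    "Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None\n"
    "X-Smartermail-Totalspamweight: 19\n"
    "\n"
)

# Assumed plain-language reading of the authentication tokens.
AUTH_FINDINGS = {
    "SPF_SoftFail": "sending IP is not listed in the From domain's SPF record",
    "DK_None": "no DomainKeys signature",
    "DKIM_None": "no DKIM signature, so the domain never vouched for the mail",
}
BLOCKLIST_PREFIXES = ("Spamhaus", "UCEProtect")


def triage(raw_header, weight_threshold=10):
    """Summarise the spoofing evidence in a message's verdict headers."""
    msg = message_from_string(raw_header)
    verdicts = msg.get("X-Smartermail-Spam", "")
    tokens = [t.strip() for t in verdicts.split(",") if t.strip()]
    auth_failures = [t for t in tokens if t in AUTH_FINDINGS]
    blocklists = [t for t in tokens if t.startswith(BLOCKLIST_PREFIXES)]
    weight = int(msg.get("X-Smartermail-Totalspamweight", "0"))
    # A From address on your own domain that fails SPF and carries no DKIM
    # signature did not come from your own server.
    likely_spoof = "SPF_SoftFail" in auth_failures and "DKIM_None" in auth_failures
    return {
        "auth_failures": auth_failures,
        "blocklists": blocklists,
        "weight": weight,
        "over_threshold": weight >= weight_threshold,
        "likely_spoof": likely_spoof,
    }


if __name__ == "__main__":
    report = triage(RAW_HEADER)
    for token in report["auth_failures"]:
        print(f"{token}: {AUTH_FINDINGS[token]}")
    print("blocklists:", ", ".join(report["blocklists"]))
    print("weight:", report["weight"], "likely spoof:", report["likely_spoof"])
```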

When I put in that domain (, the true sender of this message), I'm redirected to this site:

Do not open the above message or any messages that resemble it.