Feeds

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Different kind of garbage

Internet Security Threat Report 2014

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.

A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so – resulting in a massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.

The Milicenso Trojan – first detected in 2010 – has previously been used to distribute adware targeting French-speaking users. In these cases, users of infected machines get deluges with dodgy pop-up ads and other crud.

In a blog post published on Thursday, Symantec describes Milicenso as a "malware delivery vehicle for hire". The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly "needed" to view content on compromised sites, and other similar ruses.

Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a "side effect" of the infection rather than the main goal of the cybercrooks behind the outbreak.

A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus's main directory, as Symantec explains.

During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather an intentional goal of the author.

The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. "In our investigation, we observed various French sites being displayed at the end of the redirect chain," Symantec reports.

Those distributing the malware are likely doing so in order to get their slice of online advertising revenues dishonestly generated through the Trojan, which is likely to be a lot less than might otherwise be the case thanks to the paper-spewing side effect associated with the latest strain of the Milicenso Trojan. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.