Feeds

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Different kind of garbage

The Power of One eBook: Top reasons to choose HP BladeSystem

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.

A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so – resulting in a massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.

The Milicenso Trojan – first detected in 2010 – has previously been used to distribute adware targeting French-speaking users. In these cases, users of infected machines get deluges with dodgy pop-up ads and other crud.

In a blog post published on Thursday, Symantec describes Milicenso as a "malware delivery vehicle for hire". The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly "needed" to view content on compromised sites, and other similar ruses.

Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a "side effect" of the infection rather than the main goal of the cybercrooks behind the outbreak.

A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus's main directory, as Symantec explains.

During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather an intentional goal of the author.

The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. "In our investigation, we observed various French sites being displayed at the end of the redirect chain," Symantec reports.

Those distributing the malware are likely doing so in order to get their slice of online advertising revenues dishonestly generated through the Trojan, which is likely to be a lot less than might otherwise be the case thanks to the paper-spewing side effect associated with the latest strain of the Milicenso Trojan. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.