Feeds

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Different kind of garbage

Website security in corporate America

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.

A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so – resulting in a massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.

The Milicenso Trojan – first detected in 2010 – has previously been used to distribute adware targeting French-speaking users. In these cases, users of infected machines get deluges with dodgy pop-up ads and other crud.

In a blog post published on Thursday, Symantec describes Milicenso as a "malware delivery vehicle for hire". The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly "needed" to view content on compromised sites, and other similar ruses.

Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a "side effect" of the infection rather than the main goal of the cybercrooks behind the outbreak.

A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus's main directory, as Symantec explains.

During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather an intentional goal of the author.

The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. "In our investigation, we observed various French sites being displayed at the end of the redirect chain," Symantec reports.

Those distributing the malware are likely doing so in order to get their slice of online advertising revenues dishonestly generated through the Trojan, which is likely to be a lot less than might otherwise be the case thanks to the paper-spewing side effect associated with the latest strain of the Milicenso Trojan. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.