Infected printers spew out pages of garbage

Posted by Emma Woollacott

You can't help suspecting that many people won't notice the difference, but a new outbreak of the Trojan.Milicenso malware has left printers all over the world spewing out page after page of garbage.

The problem's worst in the US and India, although Europe and South America have also been hit. Massive print jobs are sent to print servers, causing the printer to produce garbage characters until it runs out of paper.

Symantec says it first discovered the malware in 2010, when it characterized it as 'a malware delivery vehicle for hire'. It says the payload associated with the current attack is Adware.Eorezo, adware that targets French-speaking users.

Trojan.Milicenso can arrive through malicious email attachments or visits to websites hosting malicious scripts - often unintentionally, when a user clicks a link in an unsolicited email. Symantec says it's also encountered a large number of samples that appear to be packaged as a fake codec.

As for the endless printing, this may not be deliberate.
 
"During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers," says Symantec on the company blog.

"The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments."

In other words, says Symantec, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal.
 
There's more information here.