COMPUTER PRINTERS across the world have been spilling out reams of nonsense thanks to the outbreak of a malicious 'print bomb' virus called Trojan.Milicenso.
The virus that targets Windows machines has resulted in reports from US, India, Europe and South Amnerica of huge print jobs being sent to servers that then order printers to spew garbage characters until paper stocks runs out.
A post on Symantec's blog explains, "We originally encountered Trojan.Milicenso in 2010 and our initial investigation had shown that this was basically a malware delivery vehicle for hire," the post read. "The payload that is most commonly associated with this latest version is Adware.Eorezo; an adware targeting French speaking users."
Trojan.Milicenso might arrive on a compromised computer via malicious email attachments or by users visiting web sites hosting malicious scripts from links in unsolicited emails.
Symantex said that during the infection phase, a .spl file is created in the Windows' default spool directory. This file is in fact an executable (.exe) that ensures that when a file is created in this folder it triggers endless print jobs.
"This explains the reports of unwanted printouts observed in some compromised environments," Symentex explained. "Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather an intentional goal of the author."
Security firms have issued updates since the spotting to identify Milicenso and clean up any infections. However, Internet Storm Centre has posted further information today regarding a new variant of the 'print bomb' Trojan that has been modified with garbage padding in the executable to help avoid detection.
"This goes to show the malware authors are still hard at work trying to spread their warez," Symantec added.
Perhaps the outbreak is a warning to companies that wastefully print pages needlessly, such as emails, when there are more environmentally responsible alternatives such as tablet computers. µ
New UI, expanded radio and hopefully a fix for that Xzibit bug
And TalkTalk is the first to pay attention
Rise of the robo-van
A lesson in the fragility of Qantas computing