
Office printers targeted by paper-spewing virus

Malware sends massive print jobs to printers the world over

By Cbr Rolling Blog

A Windows virus has been causing havoc – by making printers churn out page after page of nonsense.

The spike in activity from the virus – called Trojan.Milicenso – was spotted by security firm Symantec. The company says the malware sends constant print jobs to the printer, meaning page after page is printed out and keeps going until the machine runs out of paper.

It was first spotted back in 2010 and is described by Symantec as basically a "malware delivery vehicle for hire." It has been seen primarily in the US and India, with parts of South America and Europe also hit.

It infects computers through malicious email attachments or through a drive-by download, when a user visits an infected website.

Making printers go crazy isn’t the malware’s primary goal. Symantec says that the virus is well encrypted, so full analysis is difficult, but it appears to redirect a user’s web traffic to serve up certain adverts. Symantec says the chain of redirects often leads to French language websites.

One side effect of this malware is that it inserts a .spl print spooling file into the network’s print queue.

"The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo," the Symantec blog explained. "Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs."


"This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal of the author," the blog added.

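A defender's check for the artifact described above, as an added example that is not from Symantec or the original article: it flags .spl files whose contents parse as a Windows PE executable rather than printer data. The folder to scan is supplied by the caller, and the function names and sample files are constructed for this illustration.

```python
import struct
import tempfile
from pathlib import Path


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_executable_spool_files(spool_dir, max_read=4096):
    """Return sorted names of .spl files in spool_dir that parse as PE images."""
    hits = []
    for path in Path(spool_dir).iterdir():
        if path.is_file() and path.suffix.lower() == ".spl":
            with path.open("rb") as fh:
                if looks_like_pe(fh.read(max_read)):
                    hits.append(path.name)
    return sorted(hits)


def build_constructed_pe_stub() -> bytes:
    """Constructed sample: header bytes only, not a runnable program."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    return bytes(stub) + b"PE\x00\x00" + b"\x00" * 20


def demo():
    """Scan a temporary folder populated with constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "00002.SPL").write_bytes(build_constructed_pe_stub())
        # Ordinary print data: a PJL job header, padded.
        (d / "00003.SPL").write_bytes(b"\x1b%-12345X@PJL JOB\r\n" + b"\x00" * 64)
        (d / "00004.SPL").write_bytes(b"MZ short")  # too short to be a PE
        (d / "00002.SHD").write_bytes(build_constructed_pe_stub())  # not .spl
        return find_executable_spool_files(d)


if __name__ == "__main__":
    print(demo())
```
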
One further interesting point about this piece of malware is that rather than hiding to avoid detection, it uses the adware capabilities to distract attention. "Most sandbox detection/check routines are used as a protection mechanism to enable a threat to hide itself or thwart analysis. However, in this case despite detecting the presence of a sandbox the threat, instead of ceasing all activity, actually performs certain specific activities, such as contacting sites," Symantec said.

"These actions are associated with Adware.Eorezo and it seems that it is using the adware as a decoy to distract attention from itself, thereby attempting to avoid malware analysis as this would categorise it as low risk and be dismissed," the blog added.
