Friday, June 22, 2012

Trojan.Milicenso Annoying Users by Displaying Ads, Sending Printers into Printing Frenzy

If your printer ever starts burning through reams of paper and wasting ink/toner by printing random gibberish, don’t worry – it’s not the work of a poltergeist.

It could be an indication of a malware infection, though.

Trojan.Milicenso is a “malware delivery vehicle for hire” that Symantec researchers have been keeping tabs on since it was first spotted in 2010.

The malware’s most recent endeavors involve infecting machines in the U.S., India, northern Europe and South America to annoy users with advertisements & send printers into a paper-wasting frenzy. (The latter is said to be a “side effect” rather than an intentional goal.)

There are many ways Trojan.Milicenso can make its way onto your PC, including via malicious email attachments, drive-by-download websites (often linked to in spam emails), or masquerading as fake video codecs.

After successfully gaining entry into a target machine, the malware edits the Windows registry so that it runs at startup, ensuring that it can jump on every opportunity to redirect the user’s browser in order to display advertisements.

The printing madness stems from the malware creating an .spl file (actually an executable file, detected as Adware.Eorezo) within Windows’ default print spooler directory ([DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl), which – depending on the system configuration – triggers print jobs that don’t stop until the printer runs out of paper or the plug is pulled.

Symantec detects the files associated with this threat as Trojan.Milicenso, Adware.Eorezo, Packed.Generic.371 and Packed.Generic.372.
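A quick way to check for the behavior described above is to look for .spl files in the spooler directory whose contents are a Windows executable rather than print data. The script below is an added example, not code from this post or from Symantec; the full default path and the function names are assumptions, so pass your own spool directory as an argument if it differs.

```python
import struct
import sys
from pathlib import Path

# Assumed default location; the post gives the path only as
# [DRIVE_LETTER]\system32\Spool\PRINTERS.
DEFAULT_SPOOL_DIR = r"C:\Windows\System32\spool\PRINTERS"


def is_pe_file(path):
    """Return True if the file has a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            dos_header = f.read(64)
            if len(dos_header) < 64 or dos_header[:2] != b"MZ":
                return False
            # e_lfanew: little-endian offset of the PE header, stored at 0x3C
            (pe_offset,) = struct.unpack_from("<I", dos_header, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        # Locked or unreadable spool files are skipped, not reported as hits
        return False


def find_executable_spool_files(spool_dir):
    """List .spl files in spool_dir whose content is a Windows executable."""
    hits = []
    for entry in sorted(Path(spool_dir).iterdir()):
        if entry.is_file() and entry.suffix.lower() == ".spl" and is_pe_file(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SPOOL_DIR
    if not Path(target).is_dir():
        sys.exit(f"Spool directory not found: {target}")
    for hit in find_executable_spool_files(target):
        print(f"Executable content in spool file: {hit}")
```

Any file it reports should be left in place and scanned with up-to-date antivirus software rather than opened.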

To prevent your PC from becoming infected (and save trees), it’s recommended that you:

  • Keep your operating system & installed software patched and up-to-date.

  • Run antivirus software and keep the virus definitions current.

  • Be careful not to download files attached to emails from untrusted sources OR click links within suspicious emails.


Photo Credit: leokoivulehto
