More like hide your paper, hide your ink. Over the past few weeks, businesses around the world have been complaining that their printers have been spewing out gibberish and meaningless characters until the paper trays are empty.
The malware, dubbed Trojan.Milicenso, targets Windows-based computers, and its payload is often associated with Adware.Eorezo. The trojan spreads through sites and email carrying malicious code or attachments, or even by disguising itself as a fake video codec. When the user opens the malware, it loads a bunch of .exe programs and .dll files into the System, Program Files, and Temp folders. It then redirects the user to advertisement pages, both to distract the user and to avoid analysts, and loads files into the printer queue. The printer is sent pages and pages of random code that is unreadable without special tools and software, so it prints gibberish until it runs out of paper, power is interrupted, or the job is cancelled by a system admin.
At this point, Symantec has reported that the trojan has primarily infected the United States, followed by India, Northern Europe and Brazil. The trojan is digitally signed with a certificate issued to Agence Exclusive, a nonexistent company. The strange thing is that although the trojan was designed to steal information, it creates a spool file (.spl) in the Windows print spooler directory, causing the printer to automatically print out the trojan's contents.
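A triage check for the spool-file behaviour described above, as an added example that is not part of the original post or of any vendor tooling. It assumes the default spooler path and that a suspicious .spl file carries a Windows executable image near its start; the function names are hypothetical and the sample files are constructed.

```python
import struct
import tempfile
from pathlib import Path

# Assumption: default Windows spooler directory (an administrator can relocate it).
SPOOL_DIR = Path(r"C:\Windows\System32\spool\PRINTERS")

def pe_offset(data: bytes, window: int = 4096) -> int:
    """Offset of a validated PE image in the first `window` bytes, else -1."""
    pos = data.find(b"MZ")
    while 0 <= pos < window:
        # e_lfanew (DOS header offset 0x3C) must point at the "PE\0\0" signature.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1

def scan_spool_dir(spool_dir: Path) -> list[tuple[str, int]]:
    """Return (file name, offset) for each .spl file that embeds a PE image."""
    hits = []
    for spl in sorted(spool_dir.iterdir()):
        if spl.suffix.lower() != ".spl":
            continue
        try:
            data = spl.read_bytes()
        except OSError:
            continue  # locked by the spooler or removed mid-scan
        off = pe_offset(data)
        if off >= 0:
            hits.append((spl.name, off))
    return hits

def build_sample_pe() -> bytes:
    """Constructed DOS header plus PE signature; not a real executable."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(32)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        demo = Path(tmp)
        (demo / "00002.spl").write_bytes(b"%!PS-Adobe-3.0\n%%Pages: 1\n")  # constructed print job
        (demo / "00003.SPL").write_bytes(build_sample_pe())               # constructed PE stub
        print(scan_spool_dir(demo))
```

On a Windows host, call `scan_spool_dir(SPOOL_DIR)`; a hit means a queued job carries an executable image rather than print data.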
It is an ink/printer paper distributor's dream come true. With this trojan, businesses will have to resort to buying more paper and ink to continue to operate.