Malware Infection Forces Printers to Print Garbled Data, Researchers Say - littleandings

Printers connected to Windows computers dirty with recent variants of a malware program called Trojan.Milicenso, will mechanically photographic print out pages full of disconnected data, according to surety researchers from antivirus firm Symantec.

On June 9, the SANS Internet Storm Center (ISC) according about recently observed print bomb attacks that involved printers automatically printing what seemed to be the contents of an executable file.

The SANS ISC's experts obtained a re-create of the printed file and determined that IT was a part of an adware program — a program designed to display ads without authorization — perceived by around antivirus products as Adware.Eorezo.

Security researchers from Symantec also investigated reports of unlicenced printouts and found that the Adware.Eorezo file was being dropped on affected computers past new variants of Trojan.Milicenso.

Trojan.Milicenso first appeared in 2022, but a new outbreak has been recorded during the past two weeks, Symantec's surety reception squad said in a blog post on Thursday. "Our telemetry data has shown the bottom hit regions were the U.S.A and India followed aside regions in EEC and South America."

The Symantec researchers believe that Adware.Eorezo, which redirects users to French-language website, is being used past Trojan horse.Milicenso as a decoy to unhinge attention from itself.

Trojan.Milicenso is spread-out in several ways: as a leering e-chain armour attachment, as a drive-by download launched from compromised websites operating theater as a fake codec publicised by social technology scams, the Symantec researchers said.

After it infects a estimator, the malware drops a transcript of Aware.Eorezo as a randomly named .spl file (Windows Printer Reel File) in the default Windows printer spool directory — %SystemRoot%system32spoolprinters. Despite the .spl extension, the rogue charge is in reality an executable one.

The spool directory temporarily holds copies of files that printers are scheduled to print. Even though some printers allow users to specify a custom spool directory, many configurations use the default Windows ane.

This causes printers attached to computers infected with late Dardanian.Milicenso variants to mechanically print the contents of the scalawag .spl file, sometimes until their paper runs out.

"Supported what we throw discovered thusly far, the garbled printouts appear to be a sidelong effect of the infection transmitter rather an intentional destination of the author," the Symantec researchers said.

Connected Thursday, researchers from SANS ISC discovered a new variable of this Trojan program with a rattling minimized antivirus detection rate, suggesting that the

Users who observe this type of unofficial printer behavior are informed to scan their computers with an antivirus program capable of detecting and removing Trojan.Milicenso and Aware.Eorezo.