Security researchers from antivirus company Symantec have pointed out a malware programme called Trojan.Milicenso that has infected printers connected to Windows PCs worldwide and is causing the automatic printing of pages full of garbled data.
Earlier this month, the SANS Internet Storm Center had reported about print bomb attacks that caused printers to automatically print what appeared to be contents of an executable file. The SANS ISC experts who obtained copy of the printed file say it was a part of an adware programme, designed to show ads without authorisation, also dubbed as Adware.Eorezo.
Symantec researchers say the Adware.Eorezo file was being dropped on affected PCs by new variants of Trojan.Milicenso. It's learnt that Trojan.Milicenso first appeared in 2010, but a new surge in malware spread has been witnessed in the last two weeks. Symantec believes it's a bug, an unintentional side-effect, that causes automatic printing.
“Our initial investigation had shown that this was basically a malware delivery vehicle for hire. The payload that is most commonly associated with this latest version is Adware.Eorezo; an adware targeting French speaking users,” says Symantec in a blog post.
If figures provided by Symantec are to believed, India and the U.S. are the worst hit regions followed by Europe and South America.
Symantec says the Trojan.Milicenso can hit an infected computer via various ways, such as malicious e-mail attachments or visiting sites with malicious scripts. Symantec adds it has discovered a number of samples that appear to be packaged as a fake codec.
However, unlike some threats that cease all action in such a situation, Milicenso carries very few suspicious activities. The Symantec report indicates it's likely to get labeled as low risk.