Not sure which way to go? I have the answers…

Is it April Fool’s Day? ….Nope, that’s malware attacking your printer

Is it April Fool’s Day? ….Nope, that’s malware attacking your printer

We all run into standard printer frustrations. The inevitable ‘paper jam’ or ‘ink too low,’ when it’s clear there is plenty enough ink left to print your one page document. Let’s be honest, it wouldn’t be a Monday without it. But lately, it’s been security analysts who have been called to the printer rescue instead of the intern.

Security analysts everywhere are now on-guard against a threat that seems it would normally be reserved for April 1st. The well known malware program Trojan.Milicenso is showing new signs of maliciousness across networks and printers everywhere. Printers connected to Windows computers infected with new variants of the malware program, will automatically print out pages full of garbled data.

These so called ‘Print Bomb’ attacks involve printers automatically printing what seems to be the contents of an executable file. How does one go from printing a report to pages and pages of non-sense?

Quite a few ways actually…

What makes these malware programs so difficult to avoid is the variety in which one can become infected. Anything from a malicious e-mail attachment, an undetectable download launched from a compromised website, or a fake codec advertised by social engineering scams.

After a network does become infected, the malware takes up residence in the printer’s spool directory, temporarily holding copies of files they’re scheduled to print. This causes printers attached to computers infected to automatically print the contents of the rogue .spl file, sometimes until their paper runs out.

Believe it or not, running up your ink and paper bill wasn’t the main focus of this malicious program and may have actually been an accident. The actual goal of the malware is to redirect the user to pages to serve up adverts; a common way for malware writers to generate quick revenue. It just so happens that one of the apparent “side effects” of the malware affects printers too.

Because these files aren’t readable to ordinary users without special tools, it churns out incomprehensible jibberish, and doesn’t stop until the printer runs out of paper or the power chord is yanked from the wall in disgust.

‘Well, such a quirky practical joke won’t make it past my virus scanner…”

Actually, you’d be surprised. While it sounds like just a pesky little bug, each instance of the malware file comes encrypted using a key unique to the target computer, making it tough for antivirus scanners to detect. The malicious code even adjusts its behavior if it detects that it’s running in a virtual machine, to evade analysis by experts.

The fact of the matter is that paper and ink aren’t cheap and real security is in order. Leading botnet and malware blockers such as San Diego based, ThreatSTOP can help prevent such malware from making your network (and printer) its new home. Better yet, it’s deployed on your existing firewall to ensure top-level security. Their website offers a free trial of their services along with free ThreatTOOLS to learn of the existing security threats your network is facing right now.

So, unless you’re an investor in Office Depot and don’t mind the added expense in Office Supplies, find the best solution for your business and avoid a seemingly foolish prank from turning into a paper reeling disaster.

Leave a Reply