All over the USA and the wider world, printers in homes and businesses have been printing reams of unasked-for pages filled with garbage text. If your printer has been doing this, the fault is almost certainly not with the printer or PC hardware, but the result of an infection by malware, which is triggering huge print jobs as a means of distracting people from its main purpose.
To explain what’s going on here, we’ll need to clarify some common computer security terms.
- Malware – Malware is software that has some harmful purpose, which might be disrupting the operation of your computer, gathering private information, or causing your computer to become part of a botnet. Viruses, trojan horses, spyware, and rootkits are all examples of malware.
- Adware – Adware is software that exists primarily to serve adverts to computer users. Adware need not be harmful, but it is usually annoying, and sometimes has malware as a component.
- Trojan Horse (AKA Trojan) – Trojan horses are malware that often attempt to disguise themselves as something innocuous or as part of your operating systems components.
According to a report recently released by Symantec, it’s a trojan that is responsible for the recent outbreak of misbehaving printers, specifically Trojan.Milicenso. This trojan is used for a variety of purposes by nefarious types, but its main job is to open the gates for more malware. As a side-effect of its main function, Trojan.Milicenso drops an executable file with a random name into the Windows Printer Spool Directory, which is where print jobs are held. This file is copy of Adware.Eorezo, and when Windows tries to print it, garbage results.
Trojan.Milicenso can infect a computer through a variety of channels, including so-called drive-by-downloads, where a malicious website tricks either the user or the browser into downloading it, through a fake audio or video codec a user downloads, or as part of some other program. One of the main ways trojans get into systems is through users clicking links to infected websites in emails. To minimize the chances of getting infected, there are some simple security rules to follow.
- Steer clear of the less salubrious areas of the internet, and definitely don’t download anything from there.
- Don’t click on links in spam emails or instant messages.
- Don’t install any software unless you are absolutely certain that the source is trustworthy.
- Keep your anti-virus software up-to-date.
If you think your computer has been infected with Trojan.Milicenso, update your anti-virus software, and do a thorough scan of your system. Just removing the files from your Spool Directory won’t fix the problem, because the trojan will still be on the system and can recreate them.
Has your printer been acting strangely recently? Do you have any experiences of Trojan. Milicenso? Let us know in the comments or on Twitter.