The Malware that Wastes Paper

A sign you’ve been hacked: your printer starts spewing printed pages
full of junk. This isn’t an economic attack (unless you’ve got a massive color inkjet that costs 0.10/sq foot to run) — it’s a good example of an attacker’s error highlighting the attack.

Triggering junk print jobs is a mistake that will get the attention of even the most oblivious user. Why? People hate seeing waste.

For example, there’s an elegant solution to recycling in Germany. Instead of guilting people into it, they put a hefty (0.25-0.08€) deposit on recyclable bottles. If you buy bottled water, you can bring the empty to the nearest supermarket and get your 0.25€ back. Or (in cities like Berlin) the city’s poorest inhabitants will take care of recycling for you — they can earn a surprisingly decent amount collecting bottles. (Broke backpackers and the like do it too.)

If people spend that much energy on making sure plastic and glass gets recycled, imagine the reaction of some random user who sees his printer start wasting paper…

http://www.securityweek.com/malware-killing-trees-launching-junk-print-jobs

“For the last two weeks, based on reports to and observations made by Symantec, an established family of malware has been launching print jobs that do nothing but waste paper.[…]

As it turns out however, the Adware is buggy. During the infection phase, a .spl file is created in an alternate print spool folder created by the malware. “The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs,” Symantec explained.

“This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather an intentional goal of the author.””

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: